Auto-Update: 2023-07-01T04:00:32.941354+00:00

cad-safe-bot 2023-07-01 04:00:36 +00:00
parent fafb6b4ab8
commit 75c2fc1a4a
7 changed files with 481 additions and 44 deletions


@ -0,0 +1,87 @@
{
"id": "CVE-2020-36735",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-01T03:15:15.960",
"lastModified": "2023-07-01T03:15:15.960",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.3. This is due to missing or incorrect nonce validation on the handle_leave_calendar_filter, add_enable_disable_option_save, leave_policies, process_bulk_action, and process_crm_contact functions. This makes it possible for unauthenticated attackers to modify the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/",
"source": "security@wordfence.com"
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2368462%40erp&new=2368462%40erp&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01b90498-0ddb-4eb3-b76d-de30ed03d7d0?source=cve",
"source": "security@wordfence.com"
}
]
}


@ -2,19 +2,75 @@
"id": "CVE-2023-27964",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-06-23T18:15:11.197",
"lastModified": "2023-06-23T19:24:43.457",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-01T03:25:46.450",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 5E133. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:airpods_firmware:5e133:*:*:*:*:*:*:*",
"matchCriteriaId": "52CE6236-BB3E-4B7B-8A4F-173E88C969B1"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213752",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}
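Review bot: The new `configurations` entry for CVE-2023-27964 marks `cpe:2.3:o:apple:airpods_firmware:5e133:*:*:*:*:*:*:*` as `"vulnerable": true`, but the description in the same record says the issue is fixed in AirPods Firmware Update 5E133. A scanner that matches on this CPE would flag patched devices and miss earlier firmware, because no version range is given. The intended form is presumably a wildcard version bounded by the fix, `"criteria": "cpe:2.3:o:apple:airpods_firmware:*:*:*:*:*:*:*:*"` with `"versionEndExcluding": "5e133"`, as the Chrome records in this commit do with `versionEndExcluding`. This file mirrors NVD, so the correction belongs upstream; until then consumers should take the affected range from the description and the vendor advisory rather than from `cpeMatch`.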


@ -2,8 +2,8 @@
"id": "CVE-2023-3391",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-23T16:15:09.693",
"lastModified": "2023-06-23T17:21:14.907",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-01T03:23:49.537",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
@ -71,18 +93,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:human_resource_management_system_project:human_resource_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F568F825-03F3-4EA1-8140-AD0DCA462881"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/mohdkey/Human-Resource-Management-System/blob/main/Human%20Resource%20Management%20System%20detailview.php%20has%20Sqlinjection.pdf",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.232288",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.232288",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -2,27 +2,110 @@
"id": "CVE-2023-3420",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-06-26T21:15:09.557",
"lastModified": "2023-06-29T04:15:10.180",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-01T03:23:35.513",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "114.0.5735.198",
"matchCriteriaId": "C097E9DA-6B39-40DB-BB27-66DBC5742D34"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1452137",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5440",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,27 +2,110 @@
"id": "CVE-2023-3421",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-06-26T21:15:09.597",
"lastModified": "2023-06-29T04:15:10.303",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-01T03:23:17.043",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "114.0.5735.198",
"matchCriteriaId": "C097E9DA-6B39-40DB-BB27-66DBC5742D34"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1447568",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5440",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,27 +2,110 @@
"id": "CVE-2023-3422",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-06-26T21:15:09.640",
"lastModified": "2023-06-29T04:15:10.363",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-01T03:23:07.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "114.0.5735.198",
"matchCriteriaId": "C097E9DA-6B39-40DB-BB27-66DBC5742D34"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
}
],
"references": [
{
"url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://crbug.com/1450397",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5440",
"source": "chrome-cve-admin@google.com"
"source": "chrome-cve-admin@google.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-07-01T02:00:28.769607+00:00
2023-07-01T04:00:32.941354+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-07-01T00:15:10.337000+00:00
2023-07-01T03:25:46.450000+00:00
```
### Last Data Feed Release
@ -29,31 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
218996
218997
```
### CVEs added in the last Commit
Recently added CVEs: `12`
Recently added CVEs: `1`
* [CVE-2021-31982](CVE-2021/CVE-2021-319xx/CVE-2021-31982.json) (`2023-07-01T00:15:09.683`)
* [CVE-2021-34475](CVE-2021/CVE-2021-344xx/CVE-2021-34475.json) (`2023-07-01T00:15:09.757`)
* [CVE-2021-34506](CVE-2021/CVE-2021-345xx/CVE-2021-34506.json) (`2023-07-01T00:15:09.823`)
* [CVE-2021-42307](CVE-2021/CVE-2021-423xx/CVE-2021-42307.json) (`2023-07-01T00:15:09.883`)
* [CVE-2023-22814](CVE-2023/CVE-2023-228xx/CVE-2023-22814.json) (`2023-07-01T00:15:09.970`)
* [CVE-2023-28323](CVE-2023/CVE-2023-283xx/CVE-2023-28323.json) (`2023-07-01T00:15:10.057`)
* [CVE-2023-28324](CVE-2023/CVE-2023-283xx/CVE-2023-28324.json) (`2023-07-01T00:15:10.103`)
* [CVE-2023-28364](CVE-2023/CVE-2023-283xx/CVE-2023-28364.json) (`2023-07-01T00:15:10.150`)
* [CVE-2023-28365](CVE-2023/CVE-2023-283xx/CVE-2023-28365.json) (`2023-07-01T00:15:10.197`)
* [CVE-2023-30586](CVE-2023/CVE-2023-305xx/CVE-2023-30586.json) (`2023-07-01T00:15:10.247`)
* [CVE-2023-30589](CVE-2023/CVE-2023-305xx/CVE-2023-30589.json) (`2023-07-01T00:15:10.293`)
* [CVE-2023-31997](CVE-2023/CVE-2023-319xx/CVE-2023-31997.json) (`2023-07-01T00:15:10.337`)
* [CVE-2020-36735](CVE-2020/CVE-2020-367xx/CVE-2020-36735.json) (`2023-07-01T03:15:15.960`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `5`
* [CVE-2023-3422](CVE-2023/CVE-2023-34xx/CVE-2023-3422.json) (`2023-07-01T03:23:07.117`)
* [CVE-2023-3421](CVE-2023/CVE-2023-34xx/CVE-2023-3421.json) (`2023-07-01T03:23:17.043`)
* [CVE-2023-3420](CVE-2023/CVE-2023-34xx/CVE-2023-3420.json) (`2023-07-01T03:23:35.513`)
* [CVE-2023-3391](CVE-2023/CVE-2023-33xx/CVE-2023-3391.json) (`2023-07-01T03:23:49.537`)
* [CVE-2023-27964](CVE-2023/CVE-2023-279xx/CVE-2023-27964.json) (`2023-07-01T03:25:46.450`)
## Download and Usage