diff --git a/CVE-2020/CVE-2020-367xx/CVE-2020-36735.json b/CVE-2020/CVE-2020-367xx/CVE-2020-36735.json new file mode 100644 index 00000000000..c06643e8527 --- /dev/null +++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36735.json 
@@ -0,0 +1,87 @@ +{ + "id": "CVE-2020-36735", + "sourceIdentifier": "security@wordfence.com", + "published": "2023-07-01T03:15:15.960", + "lastModified": "2023-07-01T03:15:15.960", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.3. This is due to missing or incorrect nonce validation on the handle_leave_calendar_filter, add_enable_disable_option_save, leave_policies, process_bulk_action, and process_crm_contact functions. This makes it possible for unauthenticated attackers to modify the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/", + "source": "security@wordfence.com" + }, + { + "url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/", + "source": "security@wordfence.com" + }, + { + "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/", + 
"source": "security@wordfence.com" + }, + { + "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/", + "source": "security@wordfence.com" + }, + { + "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/", + "source": "security@wordfence.com" + }, + { + "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/", + "source": "security@wordfence.com" + }, + { + "url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2368462%40erp&new=2368462%40erp&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01b90498-0ddb-4eb3-b76d-de30ed03d7d0?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-279xx/CVE-2023-27964.json b/CVE-2023/CVE-2023-279xx/CVE-2023-27964.json index 2fdffc32a81..894b8da0c24 100644 --- a/CVE-2023/CVE-2023-279xx/CVE-2023-27964.json +++ b/CVE-2023/CVE-2023-279xx/CVE-2023-27964.json 
@@ -2,19 +2,75 @@ "id": "CVE-2023-27964", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:11.197", - "lastModified": "2023-06-23T19:24:43.457", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-01T03:25:46.450", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 5E133. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-290" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:apple:airpods_firmware:5e133:*:*:*:*:*:*:*", + "matchCriteriaId": "52CE6236-BB3E-4B7B-8A4F-173E88C969B1" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.apple.com/en-us/HT213752", - "source": "product-security@apple.com" + "source": "product-security@apple.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
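Review bot: The added `cpeMatch` entry under `configurations` marks `cpe:2.3:o:apple:airpods_firmware:5e133:*:*:*:*:*:*:*` as `"vulnerable": true`, but the record's own description says the issue is fixed in AirPods Firmware Update 5E133. As written, inventory tooling that matches on this CPE would flag devices already running the fixed firmware and would not match earlier builds. The usual encoding for a fixed-in release is a wildcard version with an exclusive upper bound, i.e. `"criteria": "cpe:2.3:o:apple:airpods_firmware:*:*:*:*:*:*:*:*"` together with `"versionEndExcluding": "5e133"`. Because this file appears to be a mirror of the NVD record, the correction probably belongs upstream rather than in this repository; until then, consumers should not rely on the CPE alone when triaging this CVE.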
diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3391.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3391.json index 943a5ea501f..9bfd8f0e852 100644 --- a/CVE-2023/CVE-2023-33xx/CVE-2023-3391.json +++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3391.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3391", "sourceIdentifier": "cna@vuldb.com", "published": "2023-06-23T16:15:09.693", - "lastModified": "2023-06-23T17:21:14.907", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-01T03:23:49.537", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", 
@@ -71,18 +93,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:human_resource_management_system_project:human_resource_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F568F825-03F3-4EA1-8140-AD0DCA462881" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/mohdkey/Human-Resource-Management-System/blob/main/Human%20Resource%20Management%20System%20detailview.php%20has%20Sqlinjection.pdf", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.232288", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.232288", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3420.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3420.json index 6786b47183d..827cd1d8a01 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3420.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3420.json 
@@ -2,27 +2,110 @@ "id": "CVE-2023-3420", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-06-26T21:15:09.557", - "lastModified": "2023-06-29T04:15:10.180", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-01T03:23:35.513", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-843" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "114.0.5735.198", + "matchCriteriaId": "C097E9DA-6B39-40DB-BB27-66DBC5742D34" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1452137", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5440", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3421.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3421.json index 1b47c559ee3..0e06c164480 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3421.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3421.json 
@@ -2,27 +2,110 @@ "id": "CVE-2023-3421", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-06-26T21:15:09.597", - "lastModified": "2023-06-29T04:15:10.303", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-01T03:23:17.043", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "114.0.5735.198", + "matchCriteriaId": "C097E9DA-6B39-40DB-BB27-66DBC5742D34" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1447568", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5440", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3422.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3422.json index 0968884f36c..58ea664c0cf 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3422.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3422.json 
@@ -2,27 +2,110 @@ "id": "CVE-2023-3422", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-06-26T21:15:09.640", - "lastModified": "2023-06-29T04:15:10.363", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-07-01T03:23:07.117", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "114.0.5735.198", + "matchCriteriaId": "C097E9DA-6B39-40DB-BB27-66DBC5742D34" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C" + } + ] + } + ] 
+ } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1450397", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5440", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 396348afbac..602375d2673 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-01T02:00:28.769607+00:00 +2023-07-01T04:00:32.941354+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-01T00:15:10.337000+00:00 +2023-07-01T03:25:46.450000+00:00 ``` ### Last Data Feed Release 
@@ -29,31 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -218996 +218997 ``` ### CVEs added in the last Commit -Recently added CVEs: `12` +Recently added CVEs: `1` -* [CVE-2021-31982](CVE-2021/CVE-2021-319xx/CVE-2021-31982.json) (`2023-07-01T00:15:09.683`) -* [CVE-2021-34475](CVE-2021/CVE-2021-344xx/CVE-2021-34475.json) (`2023-07-01T00:15:09.757`) -* [CVE-2021-34506](CVE-2021/CVE-2021-345xx/CVE-2021-34506.json) (`2023-07-01T00:15:09.823`) -* [CVE-2021-42307](CVE-2021/CVE-2021-423xx/CVE-2021-42307.json) (`2023-07-01T00:15:09.883`) -* [CVE-2023-22814](CVE-2023/CVE-2023-228xx/CVE-2023-22814.json) (`2023-07-01T00:15:09.970`) -* [CVE-2023-28323](CVE-2023/CVE-2023-283xx/CVE-2023-28323.json) (`2023-07-01T00:15:10.057`) -* [CVE-2023-28324](CVE-2023/CVE-2023-283xx/CVE-2023-28324.json) (`2023-07-01T00:15:10.103`) -* [CVE-2023-28364](CVE-2023/CVE-2023-283xx/CVE-2023-28364.json) (`2023-07-01T00:15:10.150`) -* [CVE-2023-28365](CVE-2023/CVE-2023-283xx/CVE-2023-28365.json) (`2023-07-01T00:15:10.197`) -* [CVE-2023-30586](CVE-2023/CVE-2023-305xx/CVE-2023-30586.json) (`2023-07-01T00:15:10.247`) -* [CVE-2023-30589](CVE-2023/CVE-2023-305xx/CVE-2023-30589.json) (`2023-07-01T00:15:10.293`) -* [CVE-2023-31997](CVE-2023/CVE-2023-319xx/CVE-2023-31997.json) (`2023-07-01T00:15:10.337`) +* [CVE-2020-36735](CVE-2020/CVE-2020-367xx/CVE-2020-36735.json) (`2023-07-01T03:15:15.960`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `5` +* [CVE-2023-3422](CVE-2023/CVE-2023-34xx/CVE-2023-3422.json) (`2023-07-01T03:23:07.117`) +* [CVE-2023-3421](CVE-2023/CVE-2023-34xx/CVE-2023-3421.json) (`2023-07-01T03:23:17.043`) +* [CVE-2023-3420](CVE-2023/CVE-2023-34xx/CVE-2023-3420.json) (`2023-07-01T03:23:35.513`) +* [CVE-2023-3391](CVE-2023/CVE-2023-33xx/CVE-2023-3391.json) (`2023-07-01T03:23:49.537`) +* [CVE-2023-27964](CVE-2023/CVE-2023-279xx/CVE-2023-27964.json) 
(`2023-07-01T03:25:46.450`) ## Download and Usage