Auto-Update: 2023-08-09T04:00:41.613335+00:00

2025-07-09 16:05:11 +00:00 · 2023-08-09 04:00:45 +00:00 · 2023-08-09 04:00:45 +00:00 · 8db170896e
commit 8db170896e
parent 95c772d941
4 changed files with 143 additions and 12 deletions
--- a/CVE-2023/CVE-2023-393xx/CVE-2023-39341.json
+++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39341.json
@ -0,0 +1,40 @@
+{
+  "id": "CVE-2023-39341",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2023-08-09T03:15:43.870",
+  "lastModified": "2023-08-09T03:15:43.870",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\"FFRI yarai\", \"FFRI yarai Home and Business Edition\" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. \r\nAffected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure ? versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0)."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/jp/JVN42527152/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.ffri.jp/security-info/index.htm",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.skyseaclientview.net/news/230807_01/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.soliton.co.jp/support/zerona_notice_2023.html",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.sourcenext.com/support/i/2023/230718_01",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.support.nec.co.jp/View.aspx?id=3140109240",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-399xx/CVE-2023-39910.json
+++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39910.json
@ -0,0 +1,36 @@
+{
+  "id": "CVE-2023-39910",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-08-09T03:15:44.867",
+  "lastModified": "2023-08-09T03:15:44.867",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an mt19937 Mersenne Twister PRNG restricts the internal entropy to 32 bits regardless of settings. This allows remote attackers to recover any wallet private keys generated from \"bx seed\" entropy output and steal funds. (Affected users need to move funds to a secure new cryptocurrency wallet.) NOTE: the vendor's position is that there was sufficient documentation advising against \"bx seed\" but others disagree. NOTE: this was exploited in the wild in June and July 2023."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/libbitcoin/libbitcoin-explorer/blob/20eba4db9a8a3476949d6fd08a589abda7fde3e3/src/commands/seed.cpp#L44",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/libbitcoin/libbitcoin-explorer/blob/20eba4db9a8a3476949d6fd08a589abda7fde3e3/src/utility.cpp#L78",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/libbitcoin/libbitcoin-system/blob/a1b777fc51d9c04e0c7a1dec5cc746b82a6afe64/src/crypto/pseudo_random.cpp#L66C12-L78",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://milksad.info/disclosure.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://news.ycombinator.com/item?id=37054862",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-42xx/CVE-2023-4239.json
+++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4239.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-4239",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2023-08-09T03:15:45.230",
+  "lastModified": "2023-08-09T03:15:45.230",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7.1 due to insufficient restriction on the 'rem_save_profile_front' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-269"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/real-estate-manager/tags/6.7.1/classes/shortcodes.class.php#L1439",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d83d1fd0-6e21-406e-a7c0-89d26eabbb32?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-08-08T23:55:25.499786+00:00
+2023-08-09T04:00:41.613335+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-08-08T22:15:10.827000+00:00
+2023-08-09T03:15:45.230000+00:00
 ```

 ### Last Data Feed Release
@ -23,26 +23,22 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2023-08-08T00:00:13.560270+00:00
+2023-08-09T00:00:13.570559+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-222114
+222117
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `7`
+Recently added CVEs: `3`

-* [CVE-2023-39209](CVE-2023/CVE-2023-392xx/CVE-2023-39209.json) (`2023-08-08T22:15:09.517`)
-* [CVE-2023-39210](CVE-2023/CVE-2023-392xx/CVE-2023-39210.json) (`2023-08-08T22:15:10.380`)
-* [CVE-2023-39211](CVE-2023/CVE-2023-392xx/CVE-2023-39211.json) (`2023-08-08T22:15:10.473`)
-* [CVE-2023-39212](CVE-2023/CVE-2023-392xx/CVE-2023-39212.json) (`2023-08-08T22:15:10.567`)
-* [CVE-2023-39213](CVE-2023/CVE-2023-392xx/CVE-2023-39213.json) (`2023-08-08T22:15:10.657`)
-* [CVE-2023-39214](CVE-2023/CVE-2023-392xx/CVE-2023-39214.json) (`2023-08-08T22:15:10.737`)
-* [CVE-2023-39951](CVE-2023/CVE-2023-399xx/CVE-2023-39951.json) (`2023-08-08T22:15:10.827`)
+* [CVE-2023-39341](CVE-2023/CVE-2023-393xx/CVE-2023-39341.json) (`2023-08-09T03:15:43.870`)
+* [CVE-2023-39910](CVE-2023/CVE-2023-399xx/CVE-2023-39910.json) (`2023-08-09T03:15:44.867`)
+* [CVE-2023-4239](CVE-2023/CVE-2023-42xx/CVE-2023-4239.json) (`2023-08-09T03:15:45.230`)


 ### CVEs modified in the last Commit