diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39341.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39341.json new file mode 100644 index 00000000000..1c139e13689 --- /dev/null +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39341.json @@ -0,0 +1,40 @@ +{ + "id": "CVE-2023-39341", + "sourceIdentifier": "vultures@jpcert.or.jp", + "published": "2023-08-09T03:15:43.870", + "lastModified": "2023-08-09T03:15:43.870", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\"FFRI yarai\", \"FFRI yarai Home and Business Edition\" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. \r\nAffected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure ? versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0)." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://jvn.jp/en/jp/JVN42527152/", + "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://www.ffri.jp/security-info/index.htm", + "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://www.skyseaclientview.net/news/230807_01/", + "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://www.soliton.co.jp/support/zerona_notice_2023.html", + "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://www.sourcenext.com/support/i/2023/230718_01", + "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://www.support.nec.co.jp/View.aspx?id=3140109240", + "source": "vultures@jpcert.or.jp" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39910.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39910.json new file mode 100644 index 00000000000..7bb9f7e7a3c --- /dev/null +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39910.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-39910", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-09T03:15:44.867", + "lastModified": "2023-08-09T03:15:44.867", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an mt19937 Mersenne Twister PRNG restricts the internal entropy to 32 bits regardless of settings. This allows remote attackers to recover any wallet private keys generated from \"bx seed\" entropy output and steal funds. (Affected users need to move funds to a secure new cryptocurrency wallet.) NOTE: the vendor's position is that there was sufficient documentation advising against \"bx seed\" but others disagree. NOTE: this was exploited in the wild in June and July 2023." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/libbitcoin/libbitcoin-explorer/blob/20eba4db9a8a3476949d6fd08a589abda7fde3e3/src/commands/seed.cpp#L44", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/libbitcoin/libbitcoin-explorer/blob/20eba4db9a8a3476949d6fd08a589abda7fde3e3/src/utility.cpp#L78", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/libbitcoin/libbitcoin-system/blob/a1b777fc51d9c04e0c7a1dec5cc746b82a6afe64/src/crypto/pseudo_random.cpp#L66C12-L78", + "source": "cve@mitre.org" + }, + { + "url": "https://milksad.info/disclosure.html", + "source": "cve@mitre.org" + }, + { + "url": "https://news.ycombinator.com/item?id=37054862", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4239.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4239.json new file mode 100644 index 00000000000..00b926f419b --- /dev/null +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4239.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-4239", + "sourceIdentifier": "security@wordfence.com", + "published": "2023-08-09T03:15:45.230", + "lastModified": "2023-08-09T03:15:45.230", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7.1 due to insufficient restriction on the 'rem_save_profile_front' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/real-estate-manager/tags/6.7.1/classes/shortcodes.class.php#L1439", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d83d1fd0-6e21-406e-a7c0-89d26eabbb32?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 73855e3c804..6d72b4db614 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-08T23:55:25.499786+00:00 +2023-08-09T04:00:41.613335+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-08T22:15:10.827000+00:00 +2023-08-09T03:15:45.230000+00:00 ``` ### Last Data Feed Release @@ -23,26 +23,22 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-08-08T00:00:13.560270+00:00 +2023-08-09T00:00:13.570559+00:00 ``` ### Total Number of included CVEs ```plain -222114 +222117 ``` ### CVEs added in the last Commit -Recently added CVEs: `7` +Recently added CVEs: `3` -* [CVE-2023-39209](CVE-2023/CVE-2023-392xx/CVE-2023-39209.json) (`2023-08-08T22:15:09.517`) -* [CVE-2023-39210](CVE-2023/CVE-2023-392xx/CVE-2023-39210.json) (`2023-08-08T22:15:10.380`) -* [CVE-2023-39211](CVE-2023/CVE-2023-392xx/CVE-2023-39211.json) (`2023-08-08T22:15:10.473`) -* [CVE-2023-39212](CVE-2023/CVE-2023-392xx/CVE-2023-39212.json) (`2023-08-08T22:15:10.567`) -* [CVE-2023-39213](CVE-2023/CVE-2023-392xx/CVE-2023-39213.json) (`2023-08-08T22:15:10.657`) -* [CVE-2023-39214](CVE-2023/CVE-2023-392xx/CVE-2023-39214.json) (`2023-08-08T22:15:10.737`) -* [CVE-2023-39951](CVE-2023/CVE-2023-399xx/CVE-2023-39951.json) (`2023-08-08T22:15:10.827`) +* [CVE-2023-39341](CVE-2023/CVE-2023-393xx/CVE-2023-39341.json) (`2023-08-09T03:15:43.870`) +* [CVE-2023-39910](CVE-2023/CVE-2023-399xx/CVE-2023-39910.json) (`2023-08-09T03:15:44.867`) +* [CVE-2023-4239](CVE-2023/CVE-2023-42xx/CVE-2023-4239.json) (`2023-08-09T03:15:45.230`) ### CVEs modified in the last Commit