diff --git a/CVE-2023/CVE-2023-23xx/CVE-2023-2329.json b/CVE-2023/CVE-2023-23xx/CVE-2023-2329.json
index d516543319d..cb27358124a 100644
--- a/CVE-2023/CVE-2023-23xx/CVE-2023-2329.json
+++ b/CVE-2023/CVE-2023-23xx/CVE-2023-2329.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-2329",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2023-07-17T14:15:09.847",
- "lastModified": "2023-07-26T19:22:20.497",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-08-08T09:15:09.873",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "The WooCommerce Google Sheet Connector WordPress plugin through 1.3.4 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack"
+ "value": "The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack"
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-375xx/CVE-2023-37569.json b/CVE-2023/CVE-2023-375xx/CVE-2023-37569.json
new file mode 100644
index 00000000000..696caa44429
--- /dev/null
+++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37569.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-37569",
+ "sourceIdentifier": "vdisclose@cert-in.org.in",
+ "published": "2023-08-08T09:15:10.620",
+ "lastModified": "2023-08-08T09:15:10.620",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "This vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component. A remote authenticated attacker could exploit this by injecting OS commands on the targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to execute arbitrary code on targeted system.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "vdisclose@cert-in.org.in",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "vdisclose@cert-in.org.in",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0226",
+ "source": "vdisclose@cert-in.org.in"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-375xx/CVE-2023-37570.json b/CVE-2023/CVE-2023-375xx/CVE-2023-37570.json
new file mode 100644
index 00000000000..bd89d0a784f
--- /dev/null
+++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37570.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-37570",
+ "sourceIdentifier": "vdisclose@cert-in.org.in",
+ "published": "2023-08-08T09:15:10.783",
+ "lastModified": "2023-08-08T09:15:10.783",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "This vulnerability exists in ESDS Emagic Data Center Management Suit due to non-expiry of session cookie. \nBy reusing the stolen cookie, a remote attacker could gain unauthorized access to the targeted system.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "vdisclose@cert-in.org.in",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "vdisclose@cert-in.org.in",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-613"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0226",
+ "source": "vdisclose@cert-in.org.in"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3898.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3898.json
new file mode 100644
index 00000000000..06b28adb8b3
--- /dev/null
+++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3898.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-3898",
+ "sourceIdentifier": "cve@usom.gov.tr",
+ "published": "2023-08-08T09:15:10.880",
+ "lastModified": "2023-08-08T09:15:10.880",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mAyaNet E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: before 1.1.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@usom.gov.tr",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve@usom.gov.tr",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.usom.gov.tr/bildirim/tr-23-0440",
+ "source": "cve@usom.gov.tr"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4009.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4009.json
new file mode 100644
index 00000000000..46520eee984
--- /dev/null
+++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4009.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-4009",
+ "sourceIdentifier": "cna@mongodb.com",
+ "published": "2023-08-08T09:15:11.023",
+ "lastModified": "2023-08-08T09:15:11.023",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@mongodb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@mongodb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-648"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-6-0",
+ "source": "cna@mongodb.com"
+ },
+ {
+ "url": "https://www.mongodb.com/docs/ops-manager/v5.0/release-notes/application/#onprem-server-5-0-22",
+ "source": "cna@mongodb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index df8104e60d0..ce5c27f0a05 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-08T08:00:26.748792+00:00 +2023-08-08T10:00:25.007885+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-08T07:15:10.957000+00:00 +2023-08-08T09:15:11.023000+00:00 ``` ### Last Data Feed Release @@ -29,28 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -221880 +221884 ``` ### CVEs added in the last Commit -Recently added CVEs: `9` +Recently added CVEs: `4` -* [CVE-2023-39976](CVE-2023/CVE-2023-399xx/CVE-2023-39976.json) (`2023-08-08T06:15:46.590`) -* [CVE-2023-39977](CVE-2023/CVE-2023-399xx/CVE-2023-39977.json) (`2023-08-08T06:15:47.537`) -* [CVE-2023-39978](CVE-2023/CVE-2023-399xx/CVE-2023-39978.json) (`2023-08-08T06:15:47.790`) -* [CVE-2023-3526](CVE-2023/CVE-2023-35xx/CVE-2023-3526.json) (`2023-08-08T07:15:10.150`) -* [CVE-2023-3569](CVE-2023/CVE-2023-35xx/CVE-2023-3569.json) (`2023-08-08T07:15:10.480`) -* [CVE-2023-3570](CVE-2023/CVE-2023-35xx/CVE-2023-3570.json) (`2023-08-08T07:15:10.603`) -* [CVE-2023-3571](CVE-2023/CVE-2023-35xx/CVE-2023-3571.json) (`2023-08-08T07:15:10.727`) -* [CVE-2023-3572](CVE-2023/CVE-2023-35xx/CVE-2023-3572.json) (`2023-08-08T07:15:10.840`) -* [CVE-2023-3573](CVE-2023/CVE-2023-35xx/CVE-2023-3573.json) (`2023-08-08T07:15:10.957`) +* [CVE-2023-37569](CVE-2023/CVE-2023-375xx/CVE-2023-37569.json) (`2023-08-08T09:15:10.620`) +* [CVE-2023-37570](CVE-2023/CVE-2023-375xx/CVE-2023-37570.json) (`2023-08-08T09:15:10.783`) +* [CVE-2023-3898](CVE-2023/CVE-2023-38xx/CVE-2023-3898.json) (`2023-08-08T09:15:10.880`) +* [CVE-2023-4009](CVE-2023/CVE-2023-40xx/CVE-2023-4009.json) (`2023-08-08T09:15:11.023`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +* [CVE-2023-2329](CVE-2023/CVE-2023-23xx/CVE-2023-2329.json) (`2023-08-08T09:15:09.873`) ## Download and Usage