Auto-Update: 2023-08-08T10:00:25.007885+00:00

cad-safe-bot 2023-08-08 10:00:28 +00:00
parent 9959f09c7c
commit b61e8103ae
6 changed files with 237 additions and 17 deletions


@ -2,12 +2,12 @@
"id": "CVE-2023-2329", "id": "CVE-2023-2329",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2023-07-17T14:15:09.847", "published": "2023-07-17T14:15:09.847",
"lastModified": "2023-07-26T19:22:20.497", "lastModified": "2023-08-08T09:15:09.873",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The WooCommerce Google Sheet Connector WordPress plugin through 1.3.4 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack" "value": "The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack"
} }
], ],
"metrics": { "metrics": {


@ -0,0 +1,55 @@
{
"id": "CVE-2023-37569",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2023-08-08T09:15:10.620",
"lastModified": "2023-08-08T09:15:10.620",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component. A remote authenticated attacker could exploit this by injecting OS commands on the targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to execute arbitrary code on targeted system.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "vdisclose@cert-in.org.in",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "vdisclose@cert-in.org.in",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0226",
"source": "vdisclose@cert-in.org.in"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-37570",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2023-08-08T09:15:10.783",
"lastModified": "2023-08-08T09:15:10.783",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exists in ESDS Emagic Data Center Management Suit due to non-expiry of session cookie. \nBy reusing the stolen cookie, a remote attacker could gain unauthorized access to the targeted system.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "vdisclose@cert-in.org.in",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "vdisclose@cert-in.org.in",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-613"
}
]
}
],
"references": [
{
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0226",
"source": "vdisclose@cert-in.org.in"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-3898",
"sourceIdentifier": "cve@usom.gov.tr",
"published": "2023-08-08T09:15:10.880",
"lastModified": "2023-08-08T09:15:10.880",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mAyaNet E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: before 1.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@usom.gov.tr",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cve@usom.gov.tr",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-23-0440",
"source": "cve@usom.gov.tr"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-4009",
"sourceIdentifier": "cna@mongodb.com",
"published": "2023-08-08T09:15:11.023",
"lastModified": "2023-08-08T09:15:11.023",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@mongodb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cna@mongodb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-648"
}
]
}
],
"references": [
{
"url": "https://www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-6-0",
"source": "cna@mongodb.com"
},
{
"url": "https://www.mongodb.com/docs/ops-manager/v5.0/release-notes/application/#onprem-server-5-0-22",
"source": "cna@mongodb.com"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-08-08T08:00:26.748792+00:00 2023-08-08T10:00:25.007885+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-08-08T07:15:10.957000+00:00 2023-08-08T09:15:11.023000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,28 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
221880 221884
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `9` Recently added CVEs: `4`
* [CVE-2023-39976](CVE-2023/CVE-2023-399xx/CVE-2023-39976.json) (`2023-08-08T06:15:46.590`) * [CVE-2023-37569](CVE-2023/CVE-2023-375xx/CVE-2023-37569.json) (`2023-08-08T09:15:10.620`)
* [CVE-2023-39977](CVE-2023/CVE-2023-399xx/CVE-2023-39977.json) (`2023-08-08T06:15:47.537`) * [CVE-2023-37570](CVE-2023/CVE-2023-375xx/CVE-2023-37570.json) (`2023-08-08T09:15:10.783`)
* [CVE-2023-39978](CVE-2023/CVE-2023-399xx/CVE-2023-39978.json) (`2023-08-08T06:15:47.790`) * [CVE-2023-3898](CVE-2023/CVE-2023-38xx/CVE-2023-3898.json) (`2023-08-08T09:15:10.880`)
* [CVE-2023-3526](CVE-2023/CVE-2023-35xx/CVE-2023-3526.json) (`2023-08-08T07:15:10.150`) * [CVE-2023-4009](CVE-2023/CVE-2023-40xx/CVE-2023-4009.json) (`2023-08-08T09:15:11.023`)
* [CVE-2023-3569](CVE-2023/CVE-2023-35xx/CVE-2023-3569.json) (`2023-08-08T07:15:10.480`)
* [CVE-2023-3570](CVE-2023/CVE-2023-35xx/CVE-2023-3570.json) (`2023-08-08T07:15:10.603`)
* [CVE-2023-3571](CVE-2023/CVE-2023-35xx/CVE-2023-3571.json) (`2023-08-08T07:15:10.727`)
* [CVE-2023-3572](CVE-2023/CVE-2023-35xx/CVE-2023-3572.json) (`2023-08-08T07:15:10.840`)
* [CVE-2023-3573](CVE-2023/CVE-2023-35xx/CVE-2023-3573.json) (`2023-08-08T07:15:10.957`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `0` Recently modified CVEs: `1`
* [CVE-2023-2329](CVE-2023/CVE-2023-23xx/CVE-2023-2329.json) (`2023-08-08T09:15:09.873`)
## Download and Usage ## Download and Usage