Auto-Update: 2023-08-08T10:00:25.007885+00:00

CVE-2023/CVE-2023-23xx/CVE-2023-2329.json

@@ -2,12 +2,12 @@
   "id": "CVE-2023-2329",
   "sourceIdentifier": "contact@wpscan.com",
   "published": "2023-07-17T14:15:09.847",
-  "lastModified": "2023-07-26T19:22:20.497",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-08-08T09:15:09.873",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "The WooCommerce Google Sheet Connector WordPress plugin through 1.3.4 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack"
+      "value": "The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack"
     }
   ],
   "metrics": {

CVE-2023/CVE-2023-375xx/CVE-2023-37569.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-37569",
+  "sourceIdentifier": "vdisclose@cert-in.org.in",
+  "published": "2023-08-08T09:15:10.620",
+  "lastModified": "2023-08-08T09:15:10.620",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "This vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component. A remote authenticated attacker could exploit this by injecting OS commands on the targeted system.\n\nSuccessful exploitation of this vulnerability could allow the attacker to execute arbitrary code on targeted system.\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "vdisclose@cert-in.org.in",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "vdisclose@cert-in.org.in",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0226",
+      "source": "vdisclose@cert-in.org.in"
+    }
+  ]
+}

CVE-2023/CVE-2023-375xx/CVE-2023-37570.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-37570",
+  "sourceIdentifier": "vdisclose@cert-in.org.in",
+  "published": "2023-08-08T09:15:10.783",
+  "lastModified": "2023-08-08T09:15:10.783",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "This vulnerability exists in ESDS Emagic Data Center Management Suit due to non-expiry of session cookie. \nBy reusing the stolen cookie, a remote attacker could gain unauthorized access to the targeted system.\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "vdisclose@cert-in.org.in",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "vdisclose@cert-in.org.in",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-613"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0226",
+      "source": "vdisclose@cert-in.org.in"
+    }
+  ]
+}

CVE-2023/CVE-2023-38xx/CVE-2023-3898.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-3898",
+  "sourceIdentifier": "cve@usom.gov.tr",
+  "published": "2023-08-08T09:15:10.880",
+  "lastModified": "2023-08-08T09:15:10.880",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mAyaNet E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: before 1.1.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@usom.gov.tr",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve@usom.gov.tr",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.usom.gov.tr/bildirim/tr-23-0440",
+      "source": "cve@usom.gov.tr"
+    }
+  ]
+}

CVE-2023/CVE-2023-40xx/CVE-2023-4009.json

@@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-4009",
+  "sourceIdentifier": "cna@mongodb.com",
+  "published": "2023-08-08T09:15:11.023",
+  "lastModified": "2023-08-08T09:15:11.023",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation.\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@mongodb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@mongodb.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-648"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.mongodb.com/docs/ops-manager/current/release-notes/application/#onprem-server-6-0",
+      "source": "cna@mongodb.com"
+    },
+    {
+      "url": "https://www.mongodb.com/docs/ops-manager/v5.0/release-notes/application/#onprem-server-5-0-22",
+      "source": "cna@mongodb.com"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-08-08T08:00:26.748792+00:00
+2023-08-08T10:00:25.007885+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-08-08T07:15:10.957000+00:00
+2023-08-08T09:15:11.023000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,28 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-221880
+221884
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `9`
+Recently added CVEs: `4`
 
-* [CVE-2023-39976](CVE-2023/CVE-2023-399xx/CVE-2023-39976.json) (`2023-08-08T06:15:46.590`)
-* [CVE-2023-39977](CVE-2023/CVE-2023-399xx/CVE-2023-39977.json) (`2023-08-08T06:15:47.537`)
-* [CVE-2023-39978](CVE-2023/CVE-2023-399xx/CVE-2023-39978.json) (`2023-08-08T06:15:47.790`)
-* [CVE-2023-3526](CVE-2023/CVE-2023-35xx/CVE-2023-3526.json) (`2023-08-08T07:15:10.150`)
-* [CVE-2023-3569](CVE-2023/CVE-2023-35xx/CVE-2023-3569.json) (`2023-08-08T07:15:10.480`)
-* [CVE-2023-3570](CVE-2023/CVE-2023-35xx/CVE-2023-3570.json) (`2023-08-08T07:15:10.603`)
-* [CVE-2023-3571](CVE-2023/CVE-2023-35xx/CVE-2023-3571.json) (`2023-08-08T07:15:10.727`)
-* [CVE-2023-3572](CVE-2023/CVE-2023-35xx/CVE-2023-3572.json) (`2023-08-08T07:15:10.840`)
-* [CVE-2023-3573](CVE-2023/CVE-2023-35xx/CVE-2023-3573.json) (`2023-08-08T07:15:10.957`)
+* [CVE-2023-37569](CVE-2023/CVE-2023-375xx/CVE-2023-37569.json) (`2023-08-08T09:15:10.620`)
+* [CVE-2023-37570](CVE-2023/CVE-2023-375xx/CVE-2023-37570.json) (`2023-08-08T09:15:10.783`)
+* [CVE-2023-3898](CVE-2023/CVE-2023-38xx/CVE-2023-3898.json) (`2023-08-08T09:15:10.880`)
+* [CVE-2023-4009](CVE-2023/CVE-2023-40xx/CVE-2023-4009.json) (`2023-08-08T09:15:11.023`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `0`
+Recently modified CVEs: `1`
 
+* [CVE-2023-2329](CVE-2023/CVE-2023-23xx/CVE-2023-2329.json) (`2023-08-08T09:15:09.873`)
 
 
 ## Download and Usage