Auto-Update: 2023-06-01T08:00:26.923457+00:00

2025-07-09 16:05:11 +00:00 · 2023-06-01 08:00:30 +00:00 · 2023-06-01 08:00:30 +00:00 · de73c407ae
commit de73c407ae
parent 0d9cbaf3e7
7 changed files with 368 additions and 9 deletions
--- a/CVE-2018/CVE-2018-250xx/CVE-2018-25086.json
+++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25086.json
@ -0,0 +1,92 @@
+{
+  "id": "CVE-2018-25086",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2023-06-01T07:15:08.860",
+  "lastModified": "2023-06-01T07:15:08.860",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has been classified as problematic. This affects the function getArticlesPreview of the file inc/controller/action/system/templatepreview.php of the component Template Preview. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.6.4 is able to address this issue. The name of the patch is c380d343c2107fcee55ab00eb8d189ce5e03369b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230235."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 3.5,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 1.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.0
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 2.9,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/sea75300/fanpresscm3/commit/c380d343c2107fcee55ab00eb8d189ce5e03369b",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://github.com/sea75300/fanpresscm3/releases/tag/v3.6.4",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.230235",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.230235",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-43xx/CVE-2022-4332.json
+++ b/CVE-2022/CVE-2022-43xx/CVE-2022-4332.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2022-4332",
+  "sourceIdentifier": "info@cert.vde.com",
+  "published": "2023-06-01T06:15:09.877",
+  "lastModified": "2023-06-01T06:15:09.877",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a\u00a0vulnerable firmware verification has been identified. Through physical access and hardware manipulation, an attacker might be able to bypass hardware-based code verification and thus inject and execute arbitrary code and gain full access of the device."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "info@cert.vde.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "PHYSICAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 6.8,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 0.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "info@cert.vde.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-20"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/2022-12_Advisories.pdf",
+      "source": "info@cert.vde.com"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-43xx/CVE-2022-4333.json
+++ b/CVE-2022/CVE-2022-43xx/CVE-2022-4333.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2022-4333",
+  "sourceIdentifier": "info@cert.vde.com",
+  "published": "2023-06-01T06:15:13.070",
+  "lastModified": "2023-06-01T06:15:13.070",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "info@cert.vde.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "info@cert.vde.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-798"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/2022-12_Advisories.pdf",
+      "source": "info@cert.vde.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3028.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3028.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2023-3028",
+  "sourceIdentifier": "cve@asrg.io",
+  "published": "2023-06-01T06:15:14.577",
+  "lastModified": "2023-06-01T06:15:14.577",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Insufficient authentication in the MQTT backend (broker) allows an attacker to access and even manipulate the telemetry data of the entire fleet of vehicles using the HopeChart HQT-401 telematics unit. Other models are possibly affected too.\n\n\n\n\n\n\n\n\nMultiple vulnerabilities were identified:\n\n\n\n- The MQTT backend does not require authentication, allowing unauthorized connections from an attacker.\n\n\n\n- The vehicles publish their telemetry data (e.g. GPS Location, speed, odometer, fuel, etc) as messages in public topics. The backend also sends commands to the vehicles as MQTT posts in public topics. As a result, an attacker can access the confidential data of the entire fleet that is managed by the backend.\n\n\n\n- The MQTT messages sent by the vehicles or the backend are not encrypted or authenticated. An attacker can create and post messages to impersonate a vehicle or the backend. The attacker could then, for example, send incorrect information to the backend about the vehicle's location.\n\n\n\n- The backend can inject data into a vehicle\u00b4s CAN bus by sending a specific MQTT message on a public topic. Because these messages are not authenticated or encrypted, an attacker could impersonate the backend, create a fake message and inject CAN data in any vehicle managed by the backend.\n\n\nThe confirmed version is\u00a0201808021036, however further versions have been also identified as potentially impacted.\n\n\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@asrg.io",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.6,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 4.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve@asrg.io",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-287"
+        },
+        {
+          "lang": "en",
+          "value": "CWE-319"
+        },
+        {
+          "lang": "en",
+          "value": "CWE-345"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://garage.asrg.io/cve-2023-3028-improper-backend-communications-allow-access-and-manipulation-of-the-telemetry-data/",
+      "source": "cve@asrg.io"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-30xx/CVE-2023-3029.json
+++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3029.json
@ -0,0 +1,88 @@
+{
+  "id": "CVE-2023-3029",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2023-06-01T06:15:15.260",
+  "lastModified": "2023-06-01T06:15:15.260",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. This vulnerability affects unknown code of the file /note/index/delete. The manipulation of the argument id leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230458 is the identifier assigned to this vulnerability."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "NONE",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.0
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 10.0,
+        "impactScore": 2.9,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://gitee.com/gouguopen/office/issues/I74VRG",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.230458",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.230458",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-332xx/CVE-2023-33297.json
+++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33297.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-33297",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-05-22T05:15:09.460",
-  "lastModified": "2023-05-31T19:15:26.897",
+  "lastModified": "2023-06-01T06:15:13.677",
  "vulnStatus": "Modified",
  "descriptions": [
    {
@ -104,6 +104,10 @@
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2EI7SAP4QP2AJYK2JVEOO4GJ6DOBSM5/",
      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H3CQY277NWXY3RFCZCJ4VKT2P3ROACEJ/",
+      "source": "cve@mitre.org"
    }
  ]
 }
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-06-01T06:00:24.395668+00:00
+2023-06-01T08:00:26.923457+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-06-01T05:15:09.767000+00:00
+2023-06-01T07:15:08.860000+00:00
 ```

 ### Last Data Feed Release
@ -29,23 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-216605
+216610
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `3`
+Recently added CVEs: `5`

-* [CVE-2010-10010](CVE-2010/CVE-2010-100xx/CVE-2010-10010.json) (`2023-06-01T05:15:09.503`)
-* [CVE-2023-33778](CVE-2023/CVE-2023-337xx/CVE-2023-33778.json) (`2023-06-01T04:15:10.313`)
-* [CVE-2023-24584](CVE-2023/CVE-2023-245xx/CVE-2023-24584.json) (`2023-06-01T05:15:09.767`)
+* [CVE-2018-25086](CVE-2018/CVE-2018-250xx/CVE-2018-25086.json) (`2023-06-01T07:15:08.860`)
+* [CVE-2022-4332](CVE-2022/CVE-2022-43xx/CVE-2022-4332.json) (`2023-06-01T06:15:09.877`)
+* [CVE-2022-4333](CVE-2022/CVE-2022-43xx/CVE-2022-4333.json) (`2023-06-01T06:15:13.070`)
+* [CVE-2023-3028](CVE-2023/CVE-2023-30xx/CVE-2023-3028.json) (`2023-06-01T06:15:14.577`)
+* [CVE-2023-3029](CVE-2023/CVE-2023-30xx/CVE-2023-3029.json) (`2023-06-01T06:15:15.260`)


 ### CVEs modified in the last Commit

 Recently modified CVEs: `1`

-* [CVE-2023-33942](CVE-2023/CVE-2023-339xx/CVE-2023-33942.json) (`2023-06-01T04:15:10.607`)
+* [CVE-2023-33297](CVE-2023/CVE-2023-332xx/CVE-2023-33297.json) (`2023-06-01T06:15:13.677`)


 ## Download and Usage