Auto-Update: 2023-08-28T23:55:25.321487+00:00

2025-05-08 19:47:09 +00:00 · 2023-08-28 23:55:28 +00:00 · 2023-08-28 23:55:28 +00:00 · 0944f0f111
commit 0944f0f111
parent 7b212f532f
16 changed files with 366 additions and 29 deletions
--- a/CVE-2023/CVE-2023-347xx/CVE-2023-34724.json
+++ b/CVE-2023/CVE-2023-347xx/CVE-2023-34724.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-34724",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-08-28T22:15:08.230",
+  "lastModified": "2023-08-28T22:15:08.230",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via the UART interface."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://www.exploitsecurity.io/post/cve-2023-34723-cve-2023-34724-cve-2023-34725",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.jaycar.com.au/wireless-gateway-home-automation-controller/p/LA5570",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-347xx/CVE-2023-34725.json
+++ b/CVE-2023/CVE-2023-347xx/CVE-2023-34725.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-34725",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-08-28T22:15:08.493",
+  "lastModified": "2023-08-28T22:15:08.493",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via a telnet connection."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://www.exploitsecurity.io/post/cve-2023-34723-cve-2023-34724-cve-2023-34725",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.jaycar.com.au/wireless-gateway-home-automation-controller/p/LA5570",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-390xx/CVE-2023-39017.json
+++ b/CVE-2023/CVE-2023-390xx/CVE-2023-39017.json
@ -2,12 +2,12 @@
  "id": "CVE-2023-39017",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-07-28T15:15:13.160",
-  "lastModified": "2023-08-03T18:05:20.460",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-08-28T22:15:08.660",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
-      "value": "quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument."
+      "value": "** DISPUTED ** quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur."
    },
    {
      "lang": "es",
--- a/CVE-2023/CVE-2023-390xx/CVE-2023-39059.json
+++ b/CVE-2023/CVE-2023-390xx/CVE-2023-39059.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-39059",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-08-28T22:15:08.983",
+  "lastModified": "2023-08-28T22:15:08.983",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://gist.github.com/Alevsk/1757da24c5fb8db735d392fd4146ca3a",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.alevsk.com/2023/07/a-quick-story-of-security-pitfalls-with-execcommand-in-software-integrations/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-396xx/CVE-2023-39650.json
+++ b/CVE-2023/CVE-2023-396xx/CVE-2023-39650.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-39650",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-08-28T23:15:08.293",
+  "lastModified": "2023-08-28T23:15:08.293",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://security.friendsofpresta.org/modules/2023/08/24/tvcmsblog.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://themevolty.com/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-407xx/CVE-2023-40781.json
+++ b/CVE-2023/CVE-2023-407xx/CVE-2023-40781.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-40781",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-08-28T22:15:09.157",
+  "lastModified": "2023-08-28T22:15:09.157",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remote attacker to cause a denial of service via a crafted .swf file to the makeswf function."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/libming/libming/issues/288",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-408xx/CVE-2023-40825.json
+++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40825.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-40825",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-08-28T22:15:09.293",
+  "lastModified": "2023-08-28T22:15:09.293",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/perfree/PerfreeBlog/issues/15",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-408xx/CVE-2023-40826.json
+++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40826.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-40826",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-08-28T22:15:09.433",
+  "lastModified": "2023-08-28T22:15:09.433",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/pf4j/pf4j/issues/536",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-408xx/CVE-2023-40827.json
+++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40827.json
@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-40827",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-08-28T22:15:09.583",
+  "lastModified": "2023-08-28T22:15:09.583",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/pf4j/pf4j/issues/536",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/pf4j/pf4j/pull/537",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/pf4j/pf4j/pull/537/commits/ed9392069fe14c6c30d9f876710e5ad40f7ea8c1",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-408xx/CVE-2023-40828.json
+++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40828.json
@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-40828",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-08-28T22:15:09.713",
+  "lastModified": "2023-08-28T22:15:09.713",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/pf4j/pf4j/commit/8e0aa198c4e652cfc1eb9e05ca9b64397f67cc72",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/pf4j/pf4j/pull/537",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/pf4j/pf4j/pull/538",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-408xx/CVE-2023-40857.json
+++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40857.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-40857",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-08-28T22:15:09.870",
+  "lastModified": "2023-08-28T22:15:09.870",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbtirary code via the yr_execute_cod function in the exe.c component."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/VirusTotal/yara/issues/1945",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-409xx/CVE-2023-40997.json
+++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40997.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-40997",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-08-28T22:15:10.030",
+  "lastModified": "2023-08-28T22:15:10.030",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted packet."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jira.o-ran-sc.org/browse/RIC-991",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-409xx/CVE-2023-40998.json
+++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40998.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-40998",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-08-28T22:15:10.167",
+  "lastModified": "2023-08-28T22:15:10.167",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via the packet size component."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jira.o-ran-sc.org/browse/RIC-989",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-410xx/CVE-2023-41005.json
+++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41005.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-41005",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-08-28T22:15:10.307",
+  "lastModified": "2023-08-28T22:15:10.307",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in Pagekit pagekit v.1.0.18 alows a remote attacker to execute arbitrary code via thedownloadAction and updateAction functions in UpdateController.php"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/pagekit/pagekit/issues/977",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-45xx/CVE-2023-4569.json
+++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4569.json
@ -0,0 +1,51 @@
+{
+  "id": "CVE-2023-4569",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2023-08-28T22:15:10.487",
+  "lastModified": "2023-08-28T22:15:10.487",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause a double-deactivations of catchall elements, which results in a memory leak."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "secalert@redhat.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://access.redhat.com/security/cve/CVE-2023-4569",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235470",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230812110526.49808-1-fw@strlen.de/",
+      "source": "secalert@redhat.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-08-28T22:00:25.408660+00:00
+2023-08-28T23:55:25.321487+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-08-28T21:41:07.790000+00:00
+2023-08-28T23:15:08.293000+00:00
 ```

 ### Last Data Feed Release
@ -29,40 +29,34 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-223576
+223590
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `9`
+Recently added CVEs: `14`

-* [CVE-2020-24165](CVE-2020/CVE-2020-241xx/CVE-2020-24165.json) (`2023-08-28T21:15:07.510`)
-* [CVE-2023-35785](CVE-2023/CVE-2023-357xx/CVE-2023-35785.json) (`2023-08-28T20:15:08.033`)
-* [CVE-2023-39348](CVE-2023/CVE-2023-393xx/CVE-2023-39348.json) (`2023-08-28T20:15:08.107`)
-* [CVE-2023-39578](CVE-2023/CVE-2023-395xx/CVE-2023-39578.json) (`2023-08-28T20:15:08.207`)
-* [CVE-2023-41109](CVE-2023/CVE-2023-411xx/CVE-2023-41109.json) (`2023-08-28T20:15:08.273`)
-* [CVE-2023-38969](CVE-2023/CVE-2023-389xx/CVE-2023-38969.json) (`2023-08-28T21:15:07.667`)
-* [CVE-2023-39652](CVE-2023/CVE-2023-396xx/CVE-2023-39652.json) (`2023-08-28T21:15:07.723`)
-* [CVE-2023-39968](CVE-2023/CVE-2023-399xx/CVE-2023-39968.json) (`2023-08-28T21:15:07.777`)
-* [CVE-2023-40170](CVE-2023/CVE-2023-401xx/CVE-2023-40170.json) (`2023-08-28T21:15:07.873`)
+* [CVE-2023-34724](CVE-2023/CVE-2023-347xx/CVE-2023-34724.json) (`2023-08-28T22:15:08.230`)
+* [CVE-2023-34725](CVE-2023/CVE-2023-347xx/CVE-2023-34725.json) (`2023-08-28T22:15:08.493`)
+* [CVE-2023-39059](CVE-2023/CVE-2023-390xx/CVE-2023-39059.json) (`2023-08-28T22:15:08.983`)
+* [CVE-2023-40781](CVE-2023/CVE-2023-407xx/CVE-2023-40781.json) (`2023-08-28T22:15:09.157`)
+* [CVE-2023-40825](CVE-2023/CVE-2023-408xx/CVE-2023-40825.json) (`2023-08-28T22:15:09.293`)
+* [CVE-2023-40826](CVE-2023/CVE-2023-408xx/CVE-2023-40826.json) (`2023-08-28T22:15:09.433`)
+* [CVE-2023-40827](CVE-2023/CVE-2023-408xx/CVE-2023-40827.json) (`2023-08-28T22:15:09.583`)
+* [CVE-2023-40828](CVE-2023/CVE-2023-408xx/CVE-2023-40828.json) (`2023-08-28T22:15:09.713`)
+* [CVE-2023-40857](CVE-2023/CVE-2023-408xx/CVE-2023-40857.json) (`2023-08-28T22:15:09.870`)
+* [CVE-2023-40997](CVE-2023/CVE-2023-409xx/CVE-2023-40997.json) (`2023-08-28T22:15:10.030`)
+* [CVE-2023-40998](CVE-2023/CVE-2023-409xx/CVE-2023-40998.json) (`2023-08-28T22:15:10.167`)
+* [CVE-2023-41005](CVE-2023/CVE-2023-410xx/CVE-2023-41005.json) (`2023-08-28T22:15:10.307`)
+* [CVE-2023-4569](CVE-2023/CVE-2023-45xx/CVE-2023-4569.json) (`2023-08-28T22:15:10.487`)
+* [CVE-2023-39650](CVE-2023/CVE-2023-396xx/CVE-2023-39650.json) (`2023-08-28T23:15:08.293`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `12`
+Recently modified CVEs: `1`

-* [CVE-2020-24113](CVE-2020/CVE-2020-241xx/CVE-2020-24113.json) (`2023-08-28T20:09:43.660`)
-* [CVE-2020-12272](CVE-2020/CVE-2020-122xx/CVE-2020-12272.json) (`2023-08-28T20:15:07.633`)
-* [CVE-2020-21699](CVE-2020/CVE-2020-216xx/CVE-2020-21699.json) (`2023-08-28T21:17:32.603`)
-* [CVE-2022-48538](CVE-2022/CVE-2022-485xx/CVE-2022-48538.json) (`2023-08-28T20:06:05.137`)
-* [CVE-2022-48545](CVE-2022/CVE-2022-485xx/CVE-2022-48545.json) (`2023-08-28T20:40:51.623`)
-* [CVE-2023-4475](CVE-2023/CVE-2023-44xx/CVE-2023-4475.json) (`2023-08-28T20:33:24.607`)
-* [CVE-2023-4404](CVE-2023/CVE-2023-44xx/CVE-2023-4404.json) (`2023-08-28T20:46:11.667`)
-* [CVE-2023-3699](CVE-2023/CVE-2023-36xx/CVE-2023-3699.json) (`2023-08-28T21:12:52.317`)
-* [CVE-2023-41098](CVE-2023/CVE-2023-410xx/CVE-2023-41098.json) (`2023-08-28T21:21:37.023`)
-* [CVE-2023-32119](CVE-2023/CVE-2023-321xx/CVE-2023-32119.json) (`2023-08-28T21:24:05.680`)
-* [CVE-2023-41100](CVE-2023/CVE-2023-411xx/CVE-2023-41100.json) (`2023-08-28T21:27:36.420`)
-* [CVE-2023-41104](CVE-2023/CVE-2023-411xx/CVE-2023-41104.json) (`2023-08-28T21:41:07.790`)
+* [CVE-2023-39017](CVE-2023/CVE-2023-390xx/CVE-2023-39017.json) (`2023-08-28T22:15:08.660`)


 ## Download and Usage