Auto-Update: 2023-09-13T22:00:25.799204+00:00

CVE-2023/CVE-2023-408xx/CVE-2023-40850.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-40850",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-09-13T20:15:07.927",
+  "lastModified": "2023-09-13T20:15:07.927",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. There is a file leak in the website source code of the application security gateway."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/flyyue2001/cve/blob/main/NS-ASG-bak-leakage.md",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-418xx/CVE-2023-41892.json

@@ -0,0 +1,75 @@
+{
+  "id": "CVE-2023-41892",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2023-09-13T20:15:08.187",
+  "lastModified": "2023-09-13T20:15:08.187",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-advisories@github.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "LOW",
+          "baseScore": 10.0,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-advisories@github.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-94"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4415---2023-07-03-critical",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/craftcms/cms/commit/7359d18d46389ffac86c2af1e0cd59e37c298857",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/craftcms/cms/commit/a270b928f3d34ad3bd953b81c304424edd57355e",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/craftcms/cms/commit/c0a37e15cc925c473e60e27fe64054993b867ac1",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/craftcms/cms/commit/c0a37e15cc925c473e60e27fe64054993b867ac1#diff-47dd43d86f85161944dfcce2e41d31955c4184672d9bd9d82b948c6b01b86476",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/craftcms/cms/security/advisories/GHSA-4w8r-3xrw-v25g",
+      "source": "security-advisories@github.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-424xx/CVE-2023-42468.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-42468",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-09-13T20:15:08.447",
+  "lastModified": "2023-09-13T20:15:08.447",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The com.cutestudio.colordialer application through 2.1.8-2 for Android allows a remote attacker to initiate phone calls without user consent, because of improper export of the com.cutestudio.dialer.activities.DialerActivity component. A third-party application (without any permissions) can craft an intent targeting com.cutestudio.dialer.activities.DialerActivity via the android.intent.action.CALL action in conjunction with a tel: URI, thereby placing a phone call."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/actuator/com.cutestudio.colordialer/blob/main/CWE-284.md",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/actuator/com.cutestudio.colordialer/blob/main/dial.gif",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/actuator/com.cutestudio.colordialer/blob/main/dialerPOC.apk",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/actuator/cve/blob/main/CVE-2023-42468",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-45xx/CVE-2023-4568.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-4568",
+  "sourceIdentifier": "vulnreport@tenable.com",
+  "published": "2023-09-13T21:15:07.807",
+  "lastModified": "2023-09-13T21:15:07.807",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "vulnreport@tenable.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "vulnreport@tenable.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-287"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.tenable.com/security/research/tra-2023-31",
+      "source": "vulnreport@tenable.com"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-09-13T20:00:24.078513+00:00
+2023-09-13T22:00:25.799204+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-09-13T19:40:51.920000+00:00
+2023-09-13T21:15:07.807000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,46 +29,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-224887
+224891
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `2`
+Recently added CVEs: `4`
 
-* [CVE-2023-3588](CVE-2023/CVE-2023-35xx/CVE-2023-3588.json) (`2023-09-13T19:15:07.787`)
-* [CVE-2023-42469](CVE-2023/CVE-2023-424xx/CVE-2023-42469.json) (`2023-09-13T19:15:08.410`)
+* [CVE-2023-40850](CVE-2023/CVE-2023-408xx/CVE-2023-40850.json) (`2023-09-13T20:15:07.927`)
+* [CVE-2023-41892](CVE-2023/CVE-2023-418xx/CVE-2023-41892.json) (`2023-09-13T20:15:08.187`)
+* [CVE-2023-42468](CVE-2023/CVE-2023-424xx/CVE-2023-42468.json) (`2023-09-13T20:15:08.447`)
+* [CVE-2023-4568](CVE-2023/CVE-2023-45xx/CVE-2023-4568.json) (`2023-09-13T21:15:07.807`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `26`
+Recently modified CVEs: `0`
 
-* [CVE-2020-19323](CVE-2020/CVE-2020-193xx/CVE-2020-19323.json) (`2023-09-13T19:04:16.820`)
-* [CVE-2021-41921](CVE-2021/CVE-2021-419xx/CVE-2021-41921.json) (`2023-09-13T19:33:13.863`)
-* [CVE-2021-42967](CVE-2021/CVE-2021-429xx/CVE-2021-42967.json) (`2023-09-13T19:33:13.863`)
-* [CVE-2022-24568](CVE-2022/CVE-2022-245xx/CVE-2022-24568.json) (`2023-09-13T19:33:13.863`)
-* [CVE-2022-28462](CVE-2022/CVE-2022-284xx/CVE-2022-28462.json) (`2023-09-13T19:33:13.863`)
-* [CVE-2022-35121](CVE-2022/CVE-2022-351xx/CVE-2022-35121.json) (`2023-09-13T19:33:13.863`)
-* [CVE-2022-36671](CVE-2022/CVE-2022-366xx/CVE-2022-36671.json) (`2023-09-13T19:33:13.863`)
-* [CVE-2022-36672](CVE-2022/CVE-2022-366xx/CVE-2022-36672.json) (`2023-09-13T19:33:13.863`)
-* [CVE-2022-34227](CVE-2022/CVE-2022-342xx/CVE-2022-34227.json) (`2023-09-13T19:40:51.920`)
-* [CVE-2023-38035](CVE-2023/CVE-2023-380xx/CVE-2023-38035.json) (`2023-09-13T18:15:08.023`)
-* [CVE-2023-36161](CVE-2023/CVE-2023-361xx/CVE-2023-36161.json) (`2023-09-13T18:19:40.160`)
-* [CVE-2023-38878](CVE-2023/CVE-2023-388xx/CVE-2023-38878.json) (`2023-09-13T18:28:31.947`)
-* [CVE-2023-30058](CVE-2023/CVE-2023-300xx/CVE-2023-30058.json) (`2023-09-13T18:31:32.773`)
-* [CVE-2023-4881](CVE-2023/CVE-2023-48xx/CVE-2023-4881.json) (`2023-09-13T18:41:23.777`)
-* [CVE-2023-4887](CVE-2023/CVE-2023-48xx/CVE-2023-4887.json) (`2023-09-13T18:51:29.787`)
-* [CVE-2023-39063](CVE-2023/CVE-2023-390xx/CVE-2023-39063.json) (`2023-09-13T19:16:32.353`)
-* [CVE-2023-38736](CVE-2023/CVE-2023-387xx/CVE-2023-38736.json) (`2023-09-13T19:17:14.103`)
-* [CVE-2023-3747](CVE-2023/CVE-2023-37xx/CVE-2023-3747.json) (`2023-09-13T19:29:34.330`)
-* [CVE-2023-1594](CVE-2023/CVE-2023-15xx/CVE-2023-1594.json) (`2023-09-13T19:33:13.863`)
-* [CVE-2023-1595](CVE-2023/CVE-2023-15xx/CVE-2023-1595.json) (`2023-09-13T19:33:13.863`)
-* [CVE-2023-1606](CVE-2023/CVE-2023-16xx/CVE-2023-1606.json) (`2023-09-13T19:33:13.863`)
-* [CVE-2023-1607](CVE-2023/CVE-2023-16xx/CVE-2023-1607.json) (`2023-09-13T19:33:13.863`)
-* [CVE-2023-2039](CVE-2023/CVE-2023-20xx/CVE-2023-2039.json) (`2023-09-13T19:33:13.863`)
-* [CVE-2023-2040](CVE-2023/CVE-2023-20xx/CVE-2023-2040.json) (`2023-09-13T19:33:13.863`)
-* [CVE-2023-2041](CVE-2023/CVE-2023-20xx/CVE-2023-2041.json) (`2023-09-13T19:33:13.863`)
 
 
 ## Download and Usage