Auto-Update: 2023-12-24T07:00:24.631143+00:00

cad-safe-bot 2023-12-24 07:00:28 +00:00
parent c9f38acc75
commit 0dd69038c3
4 changed files with 96 additions and 7 deletions


@ -0,0 +1,24 @@
{
"id": "CVE-2023-51764",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-24T05:15:08.273",
"lastModified": "2023-12-24T05:15:08.273",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Postfix through 3.8.4 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages that appear to originate from the Postfix server, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports <LF>.<CR><LF> but some other popular e-mail servers do not. To prevent attack variants (by always disallowing <LF> without <CR>), a different solution is required: the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9."
}
],
"metrics": {},
"references": [
{
"url": "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/",
"source": "cve@mitre.org"
},
{
"url": "https://www.postfix.org/smtp-smuggling.html",
"source": "cve@mitre.org"
}
]
}
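
Review bot: the `metrics` object is empty and `vulnStatus` is "Received", and the record has no `weaknesses` or `configurations` data, so the free-text `descriptions[0].value` is the only statement of affected versions and mitigations. Consumers that filter on CVSS score or CPE match will not surface this entry until it is enriched; treat the empty `metrics` as unscored rather than low severity, and key on the description's "Postfix through 3.8.4" together with the `smtpd_data_restrictions=reject_unauth_pipelining` and `smtpd_forbid_bare_newline=yes` settings in the meantime. Note that 3.8.4 is both the upper bound of the affected range and one of the minimum versions for `smtpd_forbid_bare_newline`, so a version check alone cannot tell a mitigated 3.8.4 host from an exposed one; the configuration has to be inspected.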


@ -0,0 +1,32 @@
{
"id": "CVE-2023-51765",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-24T06:15:07.527",
"lastModified": "2023-12-24T06:15:07.527",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages that appear to originate from the sendmail server, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports <LF>.<CR><LF> but some other popular e-mail servers do not."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/freebsd/freebsd-src/commit/5dd76dd0cc19450133aa379ce0ce4a68ae07fb39#diff-afdf514b32ac88004952c11660c57bc96c3d8b2234007c1cbd8d7ed7fd7935cc",
"source": "cve@mitre.org"
},
{
"url": "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/",
"source": "cve@mitre.org"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/21/7",
"source": "cve@mitre.org"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/22/7",
"source": "cve@mitre.org"
}
]
}
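
Review bot: the version bound in `descriptions[0].value`, "through at least 8.14.7", is a floor on what is known to be affected, not a fixed-in boundary, and with `metrics` empty there is no structured range to correct it. Anything that derives an affected range from this record should not mark sendmail releases after 8.14.7 as unaffected; until the record is enriched, the freebsd-src commit and the two oss-security links in `references` are the only pointers to further detail.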


@ -0,0 +1,32 @@
{
"id": "CVE-2023-51766",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-24T06:15:07.673",
"lastModified": "2023-12-24T06:15:07.673",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Exim through 4.97 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages that appear to originate from the Exim server, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not."
}
],
"metrics": {},
"references": [
{
"url": "https://bugs.exim.org/show_bug.cgi?id=3063",
"source": "cve@mitre.org"
},
{
"url": "https://exim.org/static/doc/security/CVE-2023-51766.txt",
"source": "cve@mitre.org"
},
{
"url": "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/",
"source": "cve@mitre.org"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/23/2",
"source": "cve@mitre.org"
}
]
}
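
Review bot: the description says "in certain configurations" without naming them and, unlike the Postfix record (CVE-2023-51764), lists no mitigating option, so this entry on its own does not tell an operator whether an Exim 4.97-or-earlier host is exposed or what to change. Triage should follow the `exim.org/static/doc/security/CVE-2023-51766.txt` and `bugs.exim.org` references rather than rely on the `value` text, and should not read the empty `metrics` object as a severity statement.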


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-12-24T05:00:24.771672+00:00 2023-12-24T07:00:24.631143+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-12-24T04:15:07.633000+00:00 2023-12-24T06:15:07.673000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,21 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
234151 234154
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `1` Recently added CVEs: `3`
* [CVE-2023-51763](CVE-2023/CVE-2023-517xx/CVE-2023-51763.json) (`2023-12-24T04:15:07.633`) * [CVE-2023-51764](CVE-2023/CVE-2023-517xx/CVE-2023-51764.json) (`2023-12-24T05:15:08.273`)
* [CVE-2023-51765](CVE-2023/CVE-2023-517xx/CVE-2023-51765.json) (`2023-12-24T06:15:07.527`)
* [CVE-2023-51766](CVE-2023/CVE-2023-517xx/CVE-2023-51766.json) (`2023-12-24T06:15:07.673`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `1` Recently modified CVEs: `0`
* [CVE-2023-7024](CVE-2023/CVE-2023-70xx/CVE-2023-7024.json) (`2023-12-24T03:15:44.250`)
## Download and Usage ## Download and Usage
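
Review bot: the "CVEs added in the last Commit" and "CVEs modified in the last Commit" lists are overwritten on each sync rather than accumulated, so the CVE-2023-51763 and CVE-2023-7024 entries from the previous run drop out of the README in this hunk. With the repository synchronizing every 2 hours, anyone polling the README less often than that will miss additions and modifications; it would help to state next to these lists that they cover only the latest commit and that the commit history is the complete record. The totals themselves are consistent (234151 to 234154 with three records added).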