Auto-Update: 2023-09-18T16:00:24.921245+00:00

CVE-2023/CVE-2023-409xx/CVE-2023-40968.json

@@ -2,12 +2,12 @@
   "id": "CVE-2023-40968",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2023-09-01T16:15:08.473",
-  "lastModified": "2023-09-06T00:14:10.897",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-09-18T14:15:07.557",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "Buffer Overflow vulnerability in hzeller timg v.1.5.2 and before allows a remote attacker to cause a denial of service via the 0x61200000045c address."
+      "value": "Buffer Overflow vulnerability in hzeller timg v.1.5.1 and before allows a remote attacker to cause a denial of service via the 0x61200000045c address."
     }
   ],
   "metrics": {
@@ -72,6 +72,10 @@
         "Issue Tracking",
         "Patch"
       ]
+    },
+    {
+      "url": "https://github.com/hzeller/timg/releases/tag/v1.5.2",
+      "source": "cve@mitre.org"
     }
   ]
 }

CVE-2023/CVE-2023-411xx/CVE-2023-41155.json

@@ -2,23 +2,90 @@
   "id": "CVE-2023-41155",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2023-09-13T22:15:08.747",
-  "lastModified": "2023-09-14T13:01:03.610",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2023-09-18T14:12:15.923",
+  "vulnStatus": "Analyzed",
   "descriptions": [
     {
       "lang": "en",
       "value": "A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule."
+    },
+    {
+      "lang": "es",
+      "value": "Una vulnerabilidad de Stored Cross-Site Scripting (XSS) en la pesta\u00f1a de reenv\u00edo de correo y respuestas en Webmin y Usermin 2.000 permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n a trav\u00e9s del campo reenviar a mientras crean una regla de reenv\u00edo de correo."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "nvd@nist.gov",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:webmin:usermin:2.000:*:*:*:*:*:*:*",
+              "matchCriteriaId": "ED13897E-B6FB-4976-9037-2136FDFE1A50"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:webmin:webmin:2.000:*:*:*:*:*:*:*",
+              "matchCriteriaId": "32C6CF7F-1287-4AB2-B4C0-801AC1EC3CB5"
+            }
+          ]
+        }
+      ]
     }
   ],
-  "metrics": {},
   "references": [
     {
       "url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41155",
-      "source": "cve@mitre.org"
+      "source": "cve@mitre.org",
+      "tags": [
+        "Third Party Advisory"
+      ]
     },
     {
       "url": "https://webmin.com/tags/webmin-changelog/",
-      "source": "cve@mitre.org"
+      "source": "cve@mitre.org",
+      "tags": [
+        "Release Notes"
+      ]
     }
   ]
 }

CVE-2023/CVE-2023-423xx/CVE-2023-42371.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-42371",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-09-18T15:15:46.870",
+  "lastModified": "2023-09-18T15:15:46.870",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Cross Site Scripting vulnerability in Summernote Rich Text Editor v.0.8.18 and before allows a remote attacker to execute arbitrary code via a crafted script to the insert link function in the editor component."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://hacker.soarescorp.com/cve/2023-42371/",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://summernote.org/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-423xx/CVE-2023-42387.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-42387",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-09-18T15:15:47.033",
+  "lastModified": "2023-09-18T15:15:47.033",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in TDSQL Chitu management platform v.10.3.19.5.0 allows a remote attacker to obtain sensitive information via get_db_info function in install.php."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/ranhn/TDSQL",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/ranhn/TDSQL.git",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-424xx/CVE-2023-42469.json

@@ -2,31 +2,99 @@
   "id": "CVE-2023-42469",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2023-09-13T19:15:08.410",
-  "lastModified": "2023-09-14T13:01:09.107",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2023-09-18T14:10:52.490",
+  "vulnStatus": "Analyzed",
   "descriptions": [
     {
       "lang": "en",
       "value": "The com.full.dialer.top.secure.encrypted application through 1.0.1 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.full.dialer.top.secure.encrypted.activities.DialerActivity component."
+    },
+    {
+      "lang": "es",
+      "value": "La aplicaci\u00f3n com.full.dialer.top.secure.encrypted hasta 1.0.1 para Android permite que cualquier aplicaci\u00f3n instalada (sin permisos) realice llamadas telef\u00f3nicas sin interacci\u00f3n del usuario enviando una intenci\u00f3n dise\u00f1ada a trav\u00e9s de com.full.dialer.top. componente Secure.encrypted.activities.DialerActivity."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 3.3,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "nvd@nist.gov",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:fulldive:full_dialer:1.0.1:*:*:*:*:android:*:*",
+              "matchCriteriaId": "0CECC4FB-2AC5-4897-A5FA-D08456C20FDD"
+            }
+          ]
+        }
+      ]
     }
   ],
-  "metrics": {},
   "references": [
     {
       "url": "https://github.com/actuator/com.full.dialer.top.secure.encrypted",
-      "source": "cve@mitre.org"
+      "source": "cve@mitre.org",
+      "tags": [
+        "Exploit"
+      ]
     },
     {
       "url": "https://github.com/actuator/com.full.dialer.top.secure.encrypted/blob/main/dial.gif",
-      "source": "cve@mitre.org"
+      "source": "cve@mitre.org",
+      "tags": [
+        "Exploit"
+      ]
     },
     {
       "url": "https://github.com/actuator/com.full.dialer.top.secure.encrypted/blob/main/poc.apk",
-      "source": "cve@mitre.org"
+      "source": "cve@mitre.org",
+      "tags": [
+        "Exploit"
+      ]
     },
     {
       "url": "https://github.com/actuator/cve/blob/main/CVE-2023-42469",
-      "source": "cve@mitre.org"
+      "source": "cve@mitre.org",
+      "tags": [
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2023/CVE-2023-48xx/CVE-2023-4813.json

@@ -2,16 +2,40 @@
   "id": "CVE-2023-4813",
   "sourceIdentifier": "secalert@redhat.com",
   "published": "2023-09-12T22:15:08.277",
-  "lastModified": "2023-09-13T12:55:59.447",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2023-09-18T14:07:23.540",
+  "vulnStatus": "Analyzed",
   "descriptions": [
     {
       "lang": "en",
       "value": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge."
+    },
+    {
+      "lang": "es",
+      "value": "Se encontr\u00f3 una falla en glibc. En una situaci\u00f3n poco com\u00fan, la funci\u00f3n gaih_inet puede utilizar memoria que se ha liberado, lo que provoca un bloqueo de la aplicaci\u00f3n. Este problema solo se puede explotar cuando se llama a la funci\u00f3n getaddrinfo y la base de datos de hosts en /etc/nsswitch.conf est\u00e1 configurada con SUCCESS=continue o SUCCESS=merge."
     }
   ],
   "metrics": {
     "cvssMetricV31": [
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      },
       {
         "source": "secalert@redhat.com",
         "type": "Secondary",
@@ -34,14 +58,87 @@
       }
     ]
   },
+  "weaknesses": [
+    {
+      "source": "nvd@nist.gov",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-416"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
+              "versionEndExcluding": "2.36",
+              "matchCriteriaId": "467030AA-C1F8-46BE-ACC1-9B6A737DC39D"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
+              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
+              "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
+              "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "url": "https://access.redhat.com/security/cve/CVE-2023-4813",
-      "source": "secalert@redhat.com"
+      "source": "secalert@redhat.com",
+      "tags": [
+        "Third Party Advisory"
+      ]
     },
     {
       "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2237798",
-      "source": "secalert@redhat.com"
+      "source": "secalert@redhat.com",
+      "tags": [
+        "Issue Tracking",
+        "Patch",
+        "Third Party Advisory"
+      ]
     }
   ]
 }

CVE-2023/CVE-2023-48xx/CVE-2023-4863.json

@@ -2,8 +2,8 @@
   "id": "CVE-2023-4863",
   "sourceIdentifier": "chrome-cve-admin@google.com",
   "published": "2023-09-12T15:15:24.327",
-  "lastModified": "2023-09-18T09:15:07.823",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2023-09-18T14:15:07.877",
+  "vulnStatus": "Undergoing Analysis",
   "cisaExploitAdd": "2023-09-13",
   "cisaActionDue": "2023-10-04",
   "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
@@ -56,6 +56,10 @@
       "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html",
       "source": "chrome-cve-admin@google.com"
     },
+    {
+      "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html",
+      "source": "chrome-cve-admin@google.com"
+    },
     {
       "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/",
       "source": "chrome-cve-admin@google.com"

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-09-18T14:00:26.102324+00:00
+2023-09-18T16:00:24.921245+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-09-18T13:58:16.140000+00:00
+2023-09-18T15:15:47.033000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,49 +29,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-225759
+225761
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `5`
+Recently added CVEs: `2`
 
-* [CVE-2023-41929](CVE-2023/CVE-2023-419xx/CVE-2023-41929.json) (`2023-09-18T12:15:07.470`)
-* [CVE-2023-42253](CVE-2023/CVE-2023-422xx/CVE-2023-42253.json) (`2023-09-18T12:15:07.580`)
-* [CVE-2023-42359](CVE-2023/CVE-2023-423xx/CVE-2023-42359.json) (`2023-09-18T12:15:07.633`)
-* [CVE-2023-32187](CVE-2023/CVE-2023-321xx/CVE-2023-32187.json) (`2023-09-18T13:15:08.190`)
-* [CVE-2023-34195](CVE-2023/CVE-2023-341xx/CVE-2023-34195.json) (`2023-09-18T13:15:08.487`)
+* [CVE-2023-42371](CVE-2023/CVE-2023-423xx/CVE-2023-42371.json) (`2023-09-18T15:15:46.870`)
+* [CVE-2023-42387](CVE-2023/CVE-2023-423xx/CVE-2023-42387.json) (`2023-09-18T15:15:47.033`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `29`
+Recently modified CVEs: `5`
 
-* [CVE-2022-24093](CVE-2022/CVE-2022-240xx/CVE-2022-24093.json) (`2023-09-18T13:52:11.613`)
-* [CVE-2023-41064](CVE-2023/CVE-2023-410xx/CVE-2023-41064.json) (`2023-09-18T13:15:08.607`)
-* [CVE-2023-4296](CVE-2023/CVE-2023-42xx/CVE-2023-4296.json) (`2023-09-18T13:15:08.847`)
-* [CVE-2023-4387](CVE-2023/CVE-2023-43xx/CVE-2023-4387.json) (`2023-09-18T13:15:09.133`)
-* [CVE-2023-5032](CVE-2023/CVE-2023-50xx/CVE-2023-5032.json) (`2023-09-18T13:26:56.797`)
-* [CVE-2023-5033](CVE-2023/CVE-2023-50xx/CVE-2023-5033.json) (`2023-09-18T13:26:56.797`)
-* [CVE-2023-5034](CVE-2023/CVE-2023-50xx/CVE-2023-5034.json) (`2023-09-18T13:26:56.797`)
-* [CVE-2023-42520](CVE-2023/CVE-2023-425xx/CVE-2023-42520.json) (`2023-09-18T13:26:56.797`)
-* [CVE-2023-42526](CVE-2023/CVE-2023-425xx/CVE-2023-42526.json) (`2023-09-18T13:26:56.797`)
-* [CVE-2023-5036](CVE-2023/CVE-2023-50xx/CVE-2023-5036.json) (`2023-09-18T13:26:56.797`)
-* [CVE-2023-42521](CVE-2023/CVE-2023-425xx/CVE-2023-42521.json) (`2023-09-18T13:26:56.797`)
-* [CVE-2023-42522](CVE-2023/CVE-2023-425xx/CVE-2023-42522.json) (`2023-09-18T13:26:56.797`)
-* [CVE-2023-42523](CVE-2023/CVE-2023-425xx/CVE-2023-42523.json) (`2023-09-18T13:26:56.797`)
-* [CVE-2023-42524](CVE-2023/CVE-2023-425xx/CVE-2023-42524.json) (`2023-09-18T13:26:56.797`)
-* [CVE-2023-42525](CVE-2023/CVE-2023-425xx/CVE-2023-42525.json) (`2023-09-18T13:26:56.797`)
-* [CVE-2023-43114](CVE-2023/CVE-2023-431xx/CVE-2023-43114.json) (`2023-09-18T13:26:56.797`)
-* [CVE-2023-43115](CVE-2023/CVE-2023-431xx/CVE-2023-43115.json) (`2023-09-18T13:26:56.797`)
-* [CVE-2023-34999](CVE-2023/CVE-2023-349xx/CVE-2023-34999.json) (`2023-09-18T13:26:56.797`)
-* [CVE-2023-5031](CVE-2023/CVE-2023-50xx/CVE-2023-5031.json) (`2023-09-18T13:27:02.010`)
-* [CVE-2023-35850](CVE-2023/CVE-2023-358xx/CVE-2023-35850.json) (`2023-09-18T13:27:02.010`)
-* [CVE-2023-35851](CVE-2023/CVE-2023-358xx/CVE-2023-35851.json) (`2023-09-18T13:27:02.010`)
-* [CVE-2023-41349](CVE-2023/CVE-2023-413xx/CVE-2023-41349.json) (`2023-09-18T13:27:02.010`)
-* [CVE-2023-20233](CVE-2023/CVE-2023-202xx/CVE-2023-20233.json) (`2023-09-18T13:48:41.517`)
-* [CVE-2023-4759](CVE-2023/CVE-2023-47xx/CVE-2023-4759.json) (`2023-09-18T13:54:11.407`)
-* [CVE-2023-0119](CVE-2023/CVE-2023-01xx/CVE-2023-0119.json) (`2023-09-18T13:58:16.140`)
+* [CVE-2023-4813](CVE-2023/CVE-2023-48xx/CVE-2023-4813.json) (`2023-09-18T14:07:23.540`)
+* [CVE-2023-42469](CVE-2023/CVE-2023-424xx/CVE-2023-42469.json) (`2023-09-18T14:10:52.490`)
+* [CVE-2023-41155](CVE-2023/CVE-2023-411xx/CVE-2023-41155.json) (`2023-09-18T14:12:15.923`)
+* [CVE-2023-40968](CVE-2023/CVE-2023-409xx/CVE-2023-40968.json) (`2023-09-18T14:15:07.557`)
+* [CVE-2023-4863](CVE-2023/CVE-2023-48xx/CVE-2023-4863.json) (`2023-09-18T14:15:07.877`)
 
 
 ## Download and Usage