Auto-Update: 2023-12-14T03:00:19.148699+00:00

2025-05-07 11:07:05 +00:00 · 2023-12-14 03:00:23 +00:00 · 2023-12-14 03:00:23 +00:00 · 1dedea2e2a
commit 1dedea2e2a
parent 6f1036f122
11 changed files with 318 additions and 33 deletions
--- a/CVE-2022/CVE-2022-438xx/CVE-2022-43843.json
+++ b/CVE-2022/CVE-2022-438xx/CVE-2022-43843.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2022-43843",
+  "sourceIdentifier": "psirt@us.ibm.com",
+  "published": "2023-12-14T01:15:07.453",
+  "lastModified": "2023-12-14T01:15:07.453",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.  IBM X-Force ID:  239080."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@us.ibm.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.9,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.2,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@us.ibm.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-327"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239080",
+      "source": "psirt@us.ibm.com"
+    },
+    {
+      "url": "https://https://www.ibm.com/support/pages/node/7094941",
+      "source": "psirt@us.ibm.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-302xx/CVE-2023-30222.json
+++ b/CVE-2023/CVE-2023-302xx/CVE-2023-30222.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-30222",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-06-16T17:15:11.857",
-  "lastModified": "2023-06-30T15:52:51.067",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-12-14T01:15:07.693",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
@ -84,6 +84,10 @@
    }
  ],
  "references": [
+    {
+      "url": "https://blog.4d.com/security-bulletin-two-cves-and-how-to-stay-secure/",
+      "source": "cve@mitre.org"
+    },
    {
      "url": "https://packetstormsecurity.com",
      "source": "cve@mitre.org",
--- a/CVE-2023/CVE-2023-302xx/CVE-2023-30223.json
+++ b/CVE-2023/CVE-2023-302xx/CVE-2023-30223.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-30223",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-06-16T17:15:11.897",
-  "lastModified": "2023-06-30T15:58:40.550",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-12-14T01:15:07.787",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
@ -84,6 +84,10 @@
    }
  ],
  "references": [
+    {
+      "url": "https://blog.4d.com/security-bulletin-two-cves-and-how-to-stay-secure/",
+      "source": "cve@mitre.org"
+    },
    {
      "url": "https://packetstormsecurity.com",
      "source": "cve@mitre.org",
--- a/CVE-2023/CVE-2023-315xx/CVE-2023-31546.json
+++ b/CVE-2023/CVE-2023-315xx/CVE-2023-31546.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-31546",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-12-14T01:15:07.850",
+  "lastModified": "2023-12-14T01:15:07.850",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows attackers to run arbitrary code via the search feature."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/ran9ege/CVE-2023-31546/blob/main/CVE-2023-31546.md",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-365xx/CVE-2023-36585.json
+++ b/CVE-2023/CVE-2023-365xx/CVE-2023-36585.json
@ -2,12 +2,12 @@
  "id": "CVE-2023-36585",
  "sourceIdentifier": "secure@microsoft.com",
  "published": "2023-10-10T18:15:14.343",
-  "lastModified": "2023-10-13T19:09:26.133",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-12-14T02:15:11.723",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
-      "value": "Active Template Library Denial of Service Vulnerability"
+      "value": "Windows upnphost.dll Denial of Service Vulnerability"
    },
    {
      "lang": "es",
--- a/CVE-2023/CVE-2023-417xx/CVE-2023-41719.json
+++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41719.json
@ -0,0 +1,43 @@
+{
+  "id": "CVE-2023-41719",
+  "sourceIdentifier": "support@hackerone.com",
+  "published": "2023-12-14T02:15:12.460",
+  "lastModified": "2023-12-14T02:15:12.460",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker impersonating an administrator may craft a specific web request which may lead to remote code execution."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "support@hackerone.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://forums.ivanti.com/s/article/Security-patch-release-Ivanti-Connect-Secure-22-6R2-and-22-6R2-1?language=en_US",
+      "source": "support@hackerone.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-417xx/CVE-2023-41720.json
+++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41720.json
@ -0,0 +1,43 @@
+{
+  "id": "CVE-2023-41720",
+  "sourceIdentifier": "support@hackerone.com",
+  "published": "2023-12-14T02:15:12.670",
+  "lastModified": "2023-12-14T02:15:12.670",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability exists on all versions of Ivanti Connect Secure below 22.6R2 where an attacker with a foothold on an Ivanti Connect Secure (ICS) appliance can escalate their privileges by exploiting a vulnerable installed application. This vulnerability allows the attacker to gain elevated execution privileges on the affected system."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "support@hackerone.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.0,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.0,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://forums.ivanti.com/s/article/Security-patch-release-Ivanti-Connect-Secure-22-6R2-and-22-6R2-1?language=en_US",
+      "source": "support@hackerone.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-430xx/CVE-2023-43042.json
+++ b/CVE-2023/CVE-2023-430xx/CVE-2023-43042.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-43042",
+  "sourceIdentifier": "psirt@us.ibm.com",
+  "published": "2023-12-14T01:15:07.897",
+  "lastModified": "2023-12-14T01:15:07.897",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user.  IBM X-Force ID:  266874."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@us.ibm.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@us.ibm.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-1393"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266874",
+      "source": "psirt@us.ibm.com"
+    },
+    {
+      "url": "https://https://www.ibm.com/support/pages/node/7064976",
+      "source": "psirt@us.ibm.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45184.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45184.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-45184",
+  "sourceIdentifier": "psirt@us.ibm.com",
+  "published": "2023-12-14T02:15:12.960",
+  "lastModified": "2023-12-14T02:15:12.960",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to obtain a decryption key due to improper authority checks.  IBM X-Force ID:  268270."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@us.ibm.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.2,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.5,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@us.ibm.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-922"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268270",
+      "source": "psirt@us.ibm.com"
+    },
+    {
+      "url": "https://www.ibm.com/support/pages/node/7091942",
+      "source": "psirt@us.ibm.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-461xx/CVE-2023-46118.json
+++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46118.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-46118",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2023-10-25T18:17:36.117",
-  "lastModified": "2023-12-02T01:15:08.923",
+  "lastModified": "2023-12-14T01:15:08.103",
  "vulnStatus": "Modified",
  "descriptions": [
    {
@ -113,6 +113,10 @@
        "Vendor Advisory"
      ]
    },
+    {
+      "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00009.html",
+      "source": "security-advisories@github.com"
+    },
    {
      "url": "https://www.debian.org/security/2023/dsa-5571",
      "source": "security-advisories@github.com"
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-12-14T00:55:18.119173+00:00
+2023-12-14T03:00:19.148699+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-12-14T00:15:43.490000+00:00
+2023-12-14T02:15:12.960000+00:00
 ```

 ### Last Data Feed Release
@ -29,39 +29,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-233080
+233086
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `11`
+Recently added CVEs: `6`

-* [CVE-2023-41621](CVE-2023/CVE-2023-416xx/CVE-2023-41621.json) (`2023-12-13T23:15:07.217`)
-* [CVE-2023-43583](CVE-2023/CVE-2023-435xx/CVE-2023-43583.json) (`2023-12-13T23:15:07.270`)
-* [CVE-2023-43585](CVE-2023/CVE-2023-435xx/CVE-2023-43585.json) (`2023-12-13T23:15:07.463`)
-* [CVE-2023-43586](CVE-2023/CVE-2023-435xx/CVE-2023-43586.json) (`2023-12-13T23:15:07.660`)
-* [CVE-2023-45166](CVE-2023/CVE-2023-451xx/CVE-2023-45166.json) (`2023-12-13T23:15:07.850`)
-* [CVE-2023-45170](CVE-2023/CVE-2023-451xx/CVE-2023-45170.json) (`2023-12-13T23:15:08.017`)
-* [CVE-2023-45174](CVE-2023/CVE-2023-451xx/CVE-2023-45174.json) (`2023-12-13T23:15:08.180`)
-* [CVE-2023-49646](CVE-2023/CVE-2023-496xx/CVE-2023-49646.json) (`2023-12-13T23:15:08.357`)
-* [CVE-2023-21751](CVE-2023/CVE-2023-217xx/CVE-2023-21751.json) (`2023-12-14T00:15:42.863`)
-* [CVE-2023-40921](CVE-2023/CVE-2023-409xx/CVE-2023-40921.json) (`2023-12-14T00:15:43.443`)
-* [CVE-2023-41618](CVE-2023/CVE-2023-416xx/CVE-2023-41618.json) (`2023-12-14T00:15:43.490`)
+* [CVE-2022-43843](CVE-2022/CVE-2022-438xx/CVE-2022-43843.json) (`2023-12-14T01:15:07.453`)
+* [CVE-2023-31546](CVE-2023/CVE-2023-315xx/CVE-2023-31546.json) (`2023-12-14T01:15:07.850`)
+* [CVE-2023-43042](CVE-2023/CVE-2023-430xx/CVE-2023-43042.json) (`2023-12-14T01:15:07.897`)
+* [CVE-2023-41719](CVE-2023/CVE-2023-417xx/CVE-2023-41719.json) (`2023-12-14T02:15:12.460`)
+* [CVE-2023-41720](CVE-2023/CVE-2023-417xx/CVE-2023-41720.json) (`2023-12-14T02:15:12.670`)
+* [CVE-2023-45184](CVE-2023/CVE-2023-451xx/CVE-2023-45184.json) (`2023-12-14T02:15:12.960`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `9`
+Recently modified CVEs: `4`

-* [CVE-2023-42898](CVE-2023/CVE-2023-428xx/CVE-2023-42898.json) (`2023-12-13T23:15:29.030`)
-* [CVE-2023-42478](CVE-2023/CVE-2023-424xx/CVE-2023-42478.json) (`2023-12-13T23:23:46.593`)
-* [CVE-2023-42874](CVE-2023/CVE-2023-428xx/CVE-2023-42874.json) (`2023-12-13T23:29:19.097`)
-* [CVE-2023-36648](CVE-2023/CVE-2023-366xx/CVE-2023-36648.json) (`2023-12-13T23:38:17.737`)
-* [CVE-2023-36650](CVE-2023/CVE-2023-366xx/CVE-2023-36650.json) (`2023-12-13T23:51:23.937`)
-* [CVE-2023-42481](CVE-2023/CVE-2023-424xx/CVE-2023-42481.json) (`2023-12-13T23:54:39.960`)
-* [CVE-2023-36647](CVE-2023/CVE-2023-366xx/CVE-2023-36647.json) (`2023-12-14T00:03:46.357`)
-* [CVE-2023-42476](CVE-2023/CVE-2023-424xx/CVE-2023-42476.json) (`2023-12-14T00:07:10.443`)
-* [CVE-2023-36651](CVE-2023/CVE-2023-366xx/CVE-2023-36651.json) (`2023-12-14T00:12:41.860`)
+* [CVE-2023-30222](CVE-2023/CVE-2023-302xx/CVE-2023-30222.json) (`2023-12-14T01:15:07.693`)
+* [CVE-2023-30223](CVE-2023/CVE-2023-302xx/CVE-2023-30223.json) (`2023-12-14T01:15:07.787`)
+* [CVE-2023-46118](CVE-2023/CVE-2023-461xx/CVE-2023-46118.json) (`2023-12-14T01:15:08.103`)
+* [CVE-2023-36585](CVE-2023/CVE-2023-365xx/CVE-2023-36585.json) (`2023-12-14T02:15:11.723`)


 ## Download and Usage