From 2a4846623ae8924280622e4e98f908533457243f Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Mon, 1 Jan 2024 19:00:29 +0000 Subject: [PATCH] Auto-Update: 2024-01-01T19:00:25.508423+00:00 --- CVE-2023/CVE-2023-500xx/CVE-2023-50094.json | 32 ++++++++ CVE-2023/CVE-2023-500xx/CVE-2023-50096.json | 20 +++++ CVE-2023/CVE-2023-517xx/CVE-2023-51766.json | 12 ++- CVE-2024/CVE-2024-01xx/CVE-2024-0181.json | 88 +++++++++++++++++++++ README.md | 22 +++--- 5 files changed, 159 insertions(+), 15 deletions(-) create mode 100644 CVE-2023/CVE-2023-500xx/CVE-2023-50094.json create mode 100644 CVE-2023/CVE-2023-500xx/CVE-2023-50096.json create mode 100644 CVE-2024/CVE-2024-01xx/CVE-2024-0181.json diff --git a/CVE-2023/CVE-2023-500xx/CVE-2023-50094.json b/CVE-2023/CVE-2023-500xx/CVE-2023-50094.json new file mode 100644 index 00000000000..4e214233a97 --- /dev/null +++ b/CVE-2023/CVE-2023-500xx/CVE-2023-50094.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-50094", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-01T18:15:09.130", + "lastModified": "2024-01-01T18:15:09.130", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "reNgine through 2.0.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/yogeshojha/rengine/blob/5e120bd5f9dfbd1da82a193e8c9702e483d38d22/web/api/views.py#L195", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/yogeshojha/rengine/releases", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/yogeshojha/rengine/security", + "source": "cve@mitre.org" + }, + { + "url": "https://www.mattz.io/posts/cve-2023-50094/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-500xx/CVE-2023-50096.json b/CVE-2023/CVE-2023-500xx/CVE-2023-50096.json new file mode 100644 index 00000000000..34ccdc943cd --- /dev/null +++ b/CVE-2023/CVE-2023-500xx/CVE-2023-50096.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-50096", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-01T18:15:09.197", + "lastModified": "2024-01-01T18:15:09.197", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has the ability to read from and write to the I2C bus. This is caused by an StSafeA_ReceiveBytes buffer overflow in the X-CUBE-SAFEA1 Software Package for STSAFE-A sample applications (1.2.0), and thus can affect user-written code that was derived from a published sample application." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/elttam/publications/blob/master/writeups/CVE-2023-50096.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51766.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51766.json index 4edb7431d40..c2ec0c869f5 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51766.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51766.json @@ -2,12 +2,12 @@ "id": "CVE-2023-51766", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-24T06:15:07.673", - "lastModified": "2023-12-29T15:15:11.040", + "lastModified": "2024-01-01T18:15:09.243", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "Exim through 4.97 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but some other popular e-mail servers do not." + "value": "Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports . but some other popular e-mail servers do not." }, { "lang": "es", @@ -28,6 +28,10 @@ "url": "http://www.openwall.com/lists/oss-security/2023/12/29/2", "source": "cve@mitre.org" }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/01/01/1", + "source": "cve@mitre.org" + }, { "url": "https://bugs.exim.org/show_bug.cgi?id=3063", "source": "cve@mitre.org" @@ -52,6 +56,10 @@ "url": "https://git.exim.org/exim.git/commit/cf1376206284f2a4f11e32d931d4aade34c206c5", "source": "cve@mitre.org" }, + { + "url": "https://github.com/Exim/exim/blob/master/doc/doc-txt/cve-2023-51766", + "source": "cve@mitre.org" + }, { "url": "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/", "source": "cve@mitre.org" diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0181.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0181.json new file mode 100644 index 00000000000..8ffad16c809 --- /dev/null +++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0181.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0181", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-01T17:15:08.543", + "lastModified": "2024-01-01T17:15:08.543", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin_user.php of the component Admin Panel. The manipulation of the argument Firstname/Lastname/Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249433 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 2.4, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 3.3 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://mega.nz/file/3Yc2iRzY#Uv7ECzLwUvff__JXEcyPG9oxJ0A1fsBIFGVaS35pvtA", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.249433", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.249433", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index b86b0eb4b62..73479274cb4 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-01T17:00:24.575509+00:00 +2024-01-01T19:00:25.508423+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-01T15:15:43.393000+00:00 +2024-01-01T18:15:09.243000+00:00 ``` ### Last Data Feed Release @@ -29,27 +29,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -234618 +234621 ``` ### CVEs added in the last Commit -Recently added CVEs: `8` +Recently added CVEs: `3` -* [CVE-2023-5877](CVE-2023/CVE-2023-58xx/CVE-2023-5877.json) (`2024-01-01T15:15:42.727`) -* [CVE-2023-6000](CVE-2023/CVE-2023-60xx/CVE-2023-6000.json) (`2024-01-01T15:15:43.100`) -* [CVE-2023-6037](CVE-2023/CVE-2023-60xx/CVE-2023-6037.json) (`2024-01-01T15:15:43.147`) -* [CVE-2023-6064](CVE-2023/CVE-2023-60xx/CVE-2023-6064.json) (`2024-01-01T15:15:43.197`) -* [CVE-2023-6113](CVE-2023/CVE-2023-61xx/CVE-2023-6113.json) (`2024-01-01T15:15:43.243`) -* [CVE-2023-6271](CVE-2023/CVE-2023-62xx/CVE-2023-6271.json) (`2024-01-01T15:15:43.293`) -* [CVE-2023-6421](CVE-2023/CVE-2023-64xx/CVE-2023-6421.json) (`2024-01-01T15:15:43.347`) -* [CVE-2023-6485](CVE-2023/CVE-2023-64xx/CVE-2023-6485.json) (`2024-01-01T15:15:43.393`) +* [CVE-2023-50094](CVE-2023/CVE-2023-500xx/CVE-2023-50094.json) (`2024-01-01T18:15:09.130`) +* [CVE-2023-50096](CVE-2023/CVE-2023-500xx/CVE-2023-50096.json) (`2024-01-01T18:15:09.197`) +* [CVE-2024-0181](CVE-2024/CVE-2024-01xx/CVE-2024-0181.json) (`2024-01-01T17:15:08.543`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +* [CVE-2023-51766](CVE-2023/CVE-2023-517xx/CVE-2023-51766.json) (`2024-01-01T18:15:09.243`) ## Download and Usage