From 2b91db82afcc7e9c1a2870d0bd319fd4e9359fa4 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Wed, 23 Aug 2023 23:55:33 +0000
Subject: [PATCH] Auto-Update: 2023-08-23T23:55:30.468203+00:00
---
CVE-2023/CVE-2023-322xx/CVE-2023-32202.json | 55 +++++++++++++++++++++
CVE-2023/CVE-2023-34xx/CVE-2023-3453.json | 55 +++++++++++++++++++++
CVE-2023/CVE-2023-363xx/CVE-2023-36317.json | 28 +++++++++++
CVE-2023/CVE-2023-384xx/CVE-2023-38422.json | 55 +++++++++++++++++++++
CVE-2023/CVE-2023-410xx/CVE-2023-41028.json | 55 +++++++++++++++++++++
README.md | 36 ++++----------
6 files changed, 258 insertions(+), 26 deletions(-)
create mode 100644 CVE-2023/CVE-2023-322xx/CVE-2023-32202.json
create mode 100644 CVE-2023/CVE-2023-34xx/CVE-2023-3453.json
create mode 100644 CVE-2023/CVE-2023-363xx/CVE-2023-36317.json
create mode 100644 CVE-2023/CVE-2023-384xx/CVE-2023-38422.json
create mode 100644 CVE-2023/CVE-2023-410xx/CVE-2023-41028.json
diff --git a/CVE-2023/CVE-2023-322xx/CVE-2023-32202.json b/CVE-2023/CVE-2023-322xx/CVE-2023-32202.json
new file mode 100644
index 00000000000..be6fc8ee038
--- /dev/null
+++ b/CVE-2023/CVE-2023-322xx/CVE-2023-32202.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-32202",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-08-23T22:15:07.873",
+ "lastModified": "2023-08-23T22:15:07.873",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Walchem Intuition 9 firmware versions prior to v4.21 are vulnerable to improper authentication. Login credentials are stored in a format that could allow an attacker to use them as-is to login and gain access to the device.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-229-04",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3453.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3453.json
new file mode 100644
index 00000000000..3a0ddcaaa43
--- /dev/null
+++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3453.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-3453",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-08-23T22:15:08.930",
+ "lastModified": "2023-08-23T22:15:08.930",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1188"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-208-01",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-363xx/CVE-2023-36317.json b/CVE-2023/CVE-2023-363xx/CVE-2023-36317.json
new file mode 100644
index 00000000000..2c2956b0e2e
--- /dev/null
+++ b/CVE-2023/CVE-2023-363xx/CVE-2023-36317.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-36317",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-08-23T22:15:08.550",
+ "lastModified": "2023-08-23T22:15:08.550",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting (XSS) vulnerability in sourcecodester Student Study Center Desk Management System 1.0 allows attackers to run arbitrary code via crafted GET request to web application URL."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/oye-ujjwal/CVE/blob/main/CVE-2023-36317",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.sourcecodester.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.sourcecodester.com/php/16298/student-study-center-desk-management-system-using-php-oop-and-mysql-db-free-source-code",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38422.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38422.json
new file mode 100644
index 00000000000..3215fcb4896
--- /dev/null
+++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38422.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-38422",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2023-08-23T22:15:08.693",
+ "lastModified": "2023-08-23T22:15:08.693",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-229-04",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41028.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41028.json
new file mode 100644
index 00000000000..a0be1ed9048
--- /dev/null
+++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41028.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-41028",
+ "sourceIdentifier": "disclosures@exodusintel.com",
+ "published": "2023-08-23T22:15:09.077",
+ "lastModified": "2023-08-23T22:15:09.077",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A stack-based buffer overflow exists in Juplink RX4-1500, a WiFi router, in versions 1.0.2 through 1.0.5. An authenticated attacker can exploit this vulnerability to achieve code execution as root.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "disclosures@exodusintel.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "disclosures@exodusintel.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://blog.exodusintel.com/2023/08/23/juplink-rx4-1500-stack-based-buffer-overflow-vulnerability/",
+ "source": "disclosures@exodusintel.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index e89baf8c9e7..707cdefbf5d 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-23T22:00:25.916084+00:00 +2023-08-23T23:55:30.468203+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-23T21:15:09.263000+00:00 +2023-08-23T22:15:09.077000+00:00 ``` ### Last Data Feed Release
@@ -29,40 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -223338 +223343 ``` ### CVEs added in the last Commit -Recently added CVEs: `11` +Recently added CVEs: `5` -* [CVE-2022-3742](CVE-2022/CVE-2022-37xx/CVE-2022-3742.json) (`2023-08-23T20:15:08.327`) -* [CVE-2022-3743](CVE-2022/CVE-2022-37xx/CVE-2022-3743.json) (`2023-08-23T20:15:08.497`) -* [CVE-2022-3744](CVE-2022/CVE-2022-37xx/CVE-2022-3744.json) (`2023-08-23T20:15:08.577`) -* [CVE-2022-3745](CVE-2022/CVE-2022-37xx/CVE-2022-3745.json) (`2023-08-23T20:15:08.660`) -* [CVE-2022-3746](CVE-2022/CVE-2022-37xx/CVE-2022-3746.json) (`2023-08-23T20:15:08.743`) -* [CVE-2023-40025](CVE-2023/CVE-2023-400xx/CVE-2023-40025.json) (`2023-08-23T20:15:08.840`) -* [CVE-2023-40176](CVE-2023/CVE-2023-401xx/CVE-2023-40176.json) (`2023-08-23T20:15:08.927`) -* [CVE-2023-40035](CVE-2023/CVE-2023-400xx/CVE-2023-40035.json) (`2023-08-23T21:15:08.300`) -* [CVE-2023-40177](CVE-2023/CVE-2023-401xx/CVE-2023-40177.json) (`2023-08-23T21:15:08.670`) -* [CVE-2023-40178](CVE-2023/CVE-2023-401xx/CVE-2023-40178.json) (`2023-08-23T21:15:08.877`) -* [CVE-2023-40185](CVE-2023/CVE-2023-401xx/CVE-2023-40185.json) (`2023-08-23T21:15:09.063`) +* [CVE-2023-32202](CVE-2023/CVE-2023-322xx/CVE-2023-32202.json) (`2023-08-23T22:15:07.873`) +* [CVE-2023-36317](CVE-2023/CVE-2023-363xx/CVE-2023-36317.json) (`2023-08-23T22:15:08.550`) +* [CVE-2023-38422](CVE-2023/CVE-2023-384xx/CVE-2023-38422.json) (`2023-08-23T22:15:08.693`) +* [CVE-2023-3453](CVE-2023/CVE-2023-34xx/CVE-2023-3453.json) (`2023-08-23T22:15:08.930`) +* [CVE-2023-41028](CVE-2023/CVE-2023-410xx/CVE-2023-41028.json) (`2023-08-23T22:15:09.077`) ### CVEs modified in the last Commit -Recently modified CVEs: `10` +Recently modified CVEs: `0` -* [CVE-2023-40174](CVE-2023/CVE-2023-401xx/CVE-2023-40174.json) (`2023-08-23T20:11:46.780`) -* [CVE-2023-4394](CVE-2023/CVE-2023-43xx/CVE-2023-4394.json) (`2023-08-23T20:16:38.203`) 
-* [CVE-2023-20013](CVE-2023/CVE-2023-200xx/CVE-2023-20013.json) (`2023-08-23T20:50:51.550`) -* [CVE-2023-20017](CVE-2023/CVE-2023-200xx/CVE-2023-20017.json) (`2023-08-23T20:52:43.313`) -* [CVE-2023-20111](CVE-2023/CVE-2023-201xx/CVE-2023-20111.json) (`2023-08-23T20:54:15.467`) -* [CVE-2023-34412](CVE-2023/CVE-2023-344xx/CVE-2023-34412.json) (`2023-08-23T21:04:10.520`) -* [CVE-2023-40315](CVE-2023/CVE-2023-403xx/CVE-2023-40315.json) (`2023-08-23T21:06:43.453`) -* [CVE-2023-37379](CVE-2023/CVE-2023-373xx/CVE-2023-37379.json) (`2023-08-23T21:15:07.660`) -* [CVE-2023-39441](CVE-2023/CVE-2023-394xx/CVE-2023-39441.json) (`2023-08-23T21:15:08.003`) -* [CVE-2023-40273](CVE-2023/CVE-2023-402xx/CVE-2023-40273.json) (`2023-08-23T21:15:09.263`) ## Download and Usage