Auto-Update: 2023-09-22T06:00:25.387046+00:00

2025-05-08 19:47:09 +00:00 · 2023-09-22 06:00:29 +00:00 · 2023-09-22 06:00:29 +00:00 · 350bfbb753
commit 350bfbb753
parent 22de1d47b7
13 changed files with 379 additions and 31 deletions
--- a/CVE-2023/CVE-2023-233xx/CVE-2023-23362.json
+++ b/CVE-2023/CVE-2023-233xx/CVE-2023-23362.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-23362",
+  "sourceIdentifier": "security@qnapsecurity.com.tw",
+  "published": "2023-09-22T04:15:50.487",
+  "lastModified": "2023-09-22T04:15:50.487",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute commands via susceptible QNAP devices.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2376 build 20230421 and later\nQTS 4.5.4.2374 build 20230416 and later\nQuTS hero h5.0.1.2376 build 20230421 and later\nQuTS hero h4.5.4.2374 build 20230417 and later\nQuTScloud c5.0.1.2374 and later\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@qnapsecurity.com.tw",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@qnapsecurity.com.tw",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.qnap.com/en/security-advisory/qsa-23-18",
+      "source": "security@qnapsecurity.com.tw"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-233xx/CVE-2023-23363.json
+++ b/CVE-2023/CVE-2023-233xx/CVE-2023-23363.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-23363",
+  "sourceIdentifier": "security@qnapsecurity.com.tw",
+  "published": "2023-09-22T04:15:53.873",
+  "lastModified": "2023-09-22T04:15:53.873",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 4.3.6.2441 build 20230621 and later\nQTS 4.3.3.2420 build 20230621 and later\nQTS 4.2.6 build 20230621 and later\nQTS 4.3.4.2451 build 20230621 and later\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@qnapsecurity.com.tw",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@qnapsecurity.com.tw",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-120"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.qnap.com/en/security-advisory/qsa-23-25",
+      "source": "security@qnapsecurity.com.tw"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-233xx/CVE-2023-23364.json
+++ b/CVE-2023/CVE-2023-233xx/CVE-2023-23364.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-23364",
+  "sourceIdentifier": "security@qnapsecurity.com.tw",
+  "published": "2023-09-22T04:15:54.213",
+  "lastModified": "2023-09-22T04:15:54.213",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors.\n\nWe have already fixed the vulnerability in the following versions:\nMultimedia Console 2.1.1 ( 2023/03/29 ) and later\nMultimedia Console 1.4.7 ( 2023/03/20 ) and later\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@qnapsecurity.com.tw",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@qnapsecurity.com.tw",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-120"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.qnap.com/en/security-advisory/qsa-23-29",
+      "source": "security@qnapsecurity.com.tw"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43760.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43760.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-43760",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-09-22T05:15:09.240",
+  "lastModified": "2023-09-22T05:15:09.240",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://www.withsecure.com/en/support/security-advisories",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn6",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43761.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43761.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-43761",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-09-22T05:15:09.457",
+  "lastModified": "2023-09-22T05:15:09.457",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://www.withsecure.com/en/support/security-advisories",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn5",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43762.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43762.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-43762",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-09-22T05:15:09.530",
+  "lastModified": "2023-09-22T05:15:09.530",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend), issue 1 of 2. This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://www.withsecure.com/en/support/security-advisories",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn511",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43763.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43763.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-43763",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-09-22T05:15:09.630",
+  "lastModified": "2023-09-22T05:15:09.630",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Certain WithSecure products allow XSS via an unvalidated parameter in the endpoint. This affects WithSecure Policy Manager 15 on Windows and Linux."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://www.withsecure.com/en/support/security-advisories",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43764.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43764.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-43764",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-09-22T05:15:09.720",
+  "lastModified": "2023-09-22T05:15:09.720",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend), issue 2 of 2. This affects WithSecure Policy Manager 15 on Windows and Linux."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://www.withsecure.com/en/support/security-advisories",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn511",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43765.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43765.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-43765",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-09-22T05:15:09.793",
+  "lastModified": "2023-09-22T05:15:09.793",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://www.withsecure.com/en/support/security-advisories",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn2",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43766.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43766.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-43766",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-09-22T05:15:09.867",
+  "lastModified": "2023-09-22T05:15:09.867",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://www.withsecure.com/en/support/security-advisories",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn4",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43767.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43767.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-43767",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-09-22T05:15:09.937",
+  "lastModified": "2023-09-22T05:15:09.937",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://www.withsecure.com/en/support/security-advisories",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn3",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-48xx/CVE-2023-4863.json
+++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4863.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-4863",
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "published": "2023-09-12T15:15:24.327",
-  "lastModified": "2023-09-22T00:15:15.637",
+  "lastModified": "2023-09-22T04:15:54.533",
  "vulnStatus": "Modified",
  "cisaExploitAdd": "2023-09-13",
  "cisaActionDue": "2023-10-04",
@ -208,6 +208,10 @@
        "Third Party Advisory"
      ]
    },
+    {
+      "url": "https://blog.isosceles.com/the-webp-0day/",
+      "source": "chrome-cve-admin@google.com"
+    },
    {
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1215231",
      "source": "chrome-cve-admin@google.com",
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-09-22T04:00:24.432039+00:00
+2023-09-22T06:00:25.387046+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-09-22T02:20:01.783000+00:00
+2023-09-22T05:15:09.937000+00:00
 ```

 ### Last Data Feed Release
@ -29,44 +29,31 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-226025
+226036
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `0`
+Recently added CVEs: `11`

+* [CVE-2023-23362](CVE-2023/CVE-2023-233xx/CVE-2023-23362.json) (`2023-09-22T04:15:50.487`)
+* [CVE-2023-23363](CVE-2023/CVE-2023-233xx/CVE-2023-23363.json) (`2023-09-22T04:15:53.873`)
+* [CVE-2023-23364](CVE-2023/CVE-2023-233xx/CVE-2023-23364.json) (`2023-09-22T04:15:54.213`)
+* [CVE-2023-43760](CVE-2023/CVE-2023-437xx/CVE-2023-43760.json) (`2023-09-22T05:15:09.240`)
+* [CVE-2023-43761](CVE-2023/CVE-2023-437xx/CVE-2023-43761.json) (`2023-09-22T05:15:09.457`)
+* [CVE-2023-43762](CVE-2023/CVE-2023-437xx/CVE-2023-43762.json) (`2023-09-22T05:15:09.530`)
+* [CVE-2023-43763](CVE-2023/CVE-2023-437xx/CVE-2023-43763.json) (`2023-09-22T05:15:09.630`)
+* [CVE-2023-43764](CVE-2023/CVE-2023-437xx/CVE-2023-43764.json) (`2023-09-22T05:15:09.720`)
+* [CVE-2023-43765](CVE-2023/CVE-2023-437xx/CVE-2023-43765.json) (`2023-09-22T05:15:09.793`)
+* [CVE-2023-43766](CVE-2023/CVE-2023-437xx/CVE-2023-43766.json) (`2023-09-22T05:15:09.867`)
+* [CVE-2023-43767](CVE-2023/CVE-2023-437xx/CVE-2023-43767.json) (`2023-09-22T05:15:09.937`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `28`
+Recently modified CVEs: `1`

-* [CVE-2023-43619](CVE-2023/CVE-2023-436xx/CVE-2023-43619.json) (`2023-09-22T02:05:56.723`)
-* [CVE-2023-43620](CVE-2023/CVE-2023-436xx/CVE-2023-43620.json) (`2023-09-22T02:06:06.743`)
-* [CVE-2023-43621](CVE-2023/CVE-2023-436xx/CVE-2023-43621.json) (`2023-09-22T02:06:59.813`)
-* [CVE-2023-40930](CVE-2023/CVE-2023-409xx/CVE-2023-40930.json) (`2023-09-22T02:09:30.007`)
-* [CVE-2023-41484](CVE-2023/CVE-2023-414xx/CVE-2023-41484.json) (`2023-09-22T02:09:42.600`)
-* [CVE-2023-42147](CVE-2023/CVE-2023-421xx/CVE-2023-42147.json) (`2023-09-22T02:10:05.603`)
-* [CVE-2023-42331](CVE-2023/CVE-2023-423xx/CVE-2023-42331.json) (`2023-09-22T02:10:19.257`)
-* [CVE-2023-42334](CVE-2023/CVE-2023-423xx/CVE-2023-42334.json) (`2023-09-22T02:10:48.637`)
-* [CVE-2023-42335](CVE-2023/CVE-2023-423xx/CVE-2023-42335.json) (`2023-09-22T02:11:00.637`)
-* [CVE-2023-43134](CVE-2023/CVE-2023-431xx/CVE-2023-43134.json) (`2023-09-22T02:11:47.020`)
-* [CVE-2023-43137](CVE-2023/CVE-2023-431xx/CVE-2023-43137.json) (`2023-09-22T02:11:55.050`)
-* [CVE-2023-43138](CVE-2023/CVE-2023-431xx/CVE-2023-43138.json) (`2023-09-22T02:12:01.367`)
-* [CVE-2023-36109](CVE-2023/CVE-2023-361xx/CVE-2023-36109.json) (`2023-09-22T02:12:15.177`)
-* [CVE-2023-36234](CVE-2023/CVE-2023-362xx/CVE-2023-36234.json) (`2023-09-22T02:13:39.357`)
-* [CVE-2023-43135](CVE-2023/CVE-2023-431xx/CVE-2023-43135.json) (`2023-09-22T02:14:08.313`)
-* [CVE-2023-43274](CVE-2023/CVE-2023-432xx/CVE-2023-43274.json) (`2023-09-22T02:15:02.017`)
-* [CVE-2023-43309](CVE-2023/CVE-2023-433xx/CVE-2023-43309.json) (`2023-09-22T02:15:37.603`)
-* [CVE-2023-43235](CVE-2023/CVE-2023-432xx/CVE-2023-43235.json) (`2023-09-22T02:18:58.013`)
-* [CVE-2023-43236](CVE-2023/CVE-2023-432xx/CVE-2023-43236.json) (`2023-09-22T02:19:03.217`)
-* [CVE-2023-43237](CVE-2023/CVE-2023-432xx/CVE-2023-43237.json) (`2023-09-22T02:19:09.227`)
-* [CVE-2023-43238](CVE-2023/CVE-2023-432xx/CVE-2023-43238.json) (`2023-09-22T02:19:15.737`)
-* [CVE-2023-43239](CVE-2023/CVE-2023-432xx/CVE-2023-43239.json) (`2023-09-22T02:19:27.603`)
-* [CVE-2023-43240](CVE-2023/CVE-2023-432xx/CVE-2023-43240.json) (`2023-09-22T02:19:41.467`)
-* [CVE-2023-43241](CVE-2023/CVE-2023-432xx/CVE-2023-43241.json) (`2023-09-22T02:19:55.597`)
-* [CVE-2023-43242](CVE-2023/CVE-2023-432xx/CVE-2023-43242.json) (`2023-09-22T02:20:01.783`)
+* [CVE-2023-4863](CVE-2023/CVE-2023-48xx/CVE-2023-4863.json) (`2023-09-22T04:15:54.533`)


 ## Download and Usage