From 3682e4098a3e069ccad729a8d9884964f12cc6ee Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Tue, 5 Dec 2023 13:02:20 +0000
Subject: [PATCH] Auto-Update: 2023-12-05T13:02:17.124636+00:00
---
CVE-2023/CVE-2023-233xx/CVE-2023-23324.json | 81 +++++++++++++++++++--
CVE-2023/CVE-2023-233xx/CVE-2023-23325.json | 81 +++++++++++++++++++--
CVE-2023/CVE-2023-242xx/CVE-2023-24294.json | 81 +++++++++++++++++++--
CVE-2023/CVE-2023-436xx/CVE-2023-43608.json | 59 +++++++++++++++
CVE-2023/CVE-2023-436xx/CVE-2023-43628.json | 59 +++++++++++++++
CVE-2023/CVE-2023-458xx/CVE-2023-45838.json | 59 +++++++++++++++
CVE-2023/CVE-2023-458xx/CVE-2023-45839.json | 59 +++++++++++++++
CVE-2023/CVE-2023-458xx/CVE-2023-45840.json | 59 +++++++++++++++
CVE-2023/CVE-2023-458xx/CVE-2023-45841.json | 59 +++++++++++++++
CVE-2023/CVE-2023-458xx/CVE-2023-45842.json | 59 +++++++++++++++
CVE-2023/CVE-2023-49xx/CVE-2023-4912.json | 16 ++--
README.md | 25 ++++---
12 files changed, 665 insertions(+), 32 deletions(-)
create mode 100644 CVE-2023/CVE-2023-436xx/CVE-2023-43608.json
create mode 100644 CVE-2023/CVE-2023-436xx/CVE-2023-43628.json
create mode 100644 CVE-2023/CVE-2023-458xx/CVE-2023-45838.json
create mode 100644 CVE-2023/CVE-2023-458xx/CVE-2023-45839.json
create mode 100644 CVE-2023/CVE-2023-458xx/CVE-2023-45840.json
create mode 100644 CVE-2023/CVE-2023-458xx/CVE-2023-45841.json
create mode 100644 CVE-2023/CVE-2023-458xx/CVE-2023-45842.json
diff --git a/CVE-2023/CVE-2023-233xx/CVE-2023-23324.json b/CVE-2023/CVE-2023-233xx/CVE-2023-23324.json
index 86188b61080..0cffb1efcfc 100644
--- a/CVE-2023/CVE-2023-233xx/CVE-2023-23324.json
+++ b/CVE-2023/CVE-2023-233xx/CVE-2023-23324.json
@@ -2,8 +2,8 @@ "id": "CVE-2023-23324", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-29T01:15:07.127", - "lastModified": "2023-11-29T14:18:11.973", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-05T12:39:44.770", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,86 @@ "value": "Zumtobel Netlink CCD Onboard 3.74: se descubri\u00f3 que el firmware 3.80 contiene credenciales codificadas para la cuenta de administrador." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zumtobel:netlink_ccd_firmware:3.80:*:*:*:*:*:*:*", + "matchCriteriaId": "6420755E-4442-4FBB-AF8E-F5742031BC21" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zumtobel:netlink_ccd:3.74:*:*:*:*:*:*:*", + "matchCriteriaId": "FB3769BB-3A5F-4A10-BEFD-EC0362085B7F" + } + ] + } + ] + } + ], "references": [ { "url": "http://zumtobel.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://yoroi.company/en/research/cve-advisory-partial-disclosure-zumtobel-multiple-vulnerabilities/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mitigation", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-233xx/CVE-2023-23325.json b/CVE-2023/CVE-2023-233xx/CVE-2023-23325.json index 245d1da0663..25e01cc6235 100644 
--- a/CVE-2023/CVE-2023-233xx/CVE-2023-23325.json +++ b/CVE-2023/CVE-2023-233xx/CVE-2023-23325.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23325", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-29T01:15:07.187", - "lastModified": "2023-11-29T14:18:11.973", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-05T12:48:15.773", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,86 @@ "value": "Zumtobel Netlink CCD Onboard 3.74: se descubri\u00f3 que el firmware 3.80 contiene una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s del par\u00e1metro NetHostname." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zumtobel:netlink_ccd_firmware:3.80:*:*:*:*:*:*:*", + "matchCriteriaId": "6420755E-4442-4FBB-AF8E-F5742031BC21" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zumtobel:netlink_ccd:3.74:*:*:*:*:*:*:*", + "matchCriteriaId": "FB3769BB-3A5F-4A10-BEFD-EC0362085B7F" + } + ] + } + ] + } + ], "references": [ { "url": "http://zumtobel.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://yoroi.company/en/research/cve-advisory-partial-disclosure-zumtobel-multiple-vulnerabilities/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mitigation", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-242xx/CVE-2023-24294.json b/CVE-2023/CVE-2023-242xx/CVE-2023-24294.json index ef02ce7ba14..61258eed2c9 100644 
--- a/CVE-2023/CVE-2023-242xx/CVE-2023-24294.json +++ b/CVE-2023/CVE-2023-242xx/CVE-2023-24294.json @@ -2,8 +2,8 @@ "id": "CVE-2023-24294", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-29T01:15:07.237", - "lastModified": "2023-11-29T14:18:11.973", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-05T12:56:50.947", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,86 @@ "value": "Zumtobel Netlink CCD Onboard v3.74 - Se descubri\u00f3 que el firmware v3.80 contiene un desbordamiento del b\u00fafer a trav\u00e9s del componente NetlinkWeb::Information::SetDeviceIdentification." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zumtobel:netlink_ccd_firmware:3.80:*:*:*:*:*:*:*", + "matchCriteriaId": "6420755E-4442-4FBB-AF8E-F5742031BC21" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zumtobel:netlink_ccd:3.74:*:*:*:*:*:*:*", + "matchCriteriaId": "FB3769BB-3A5F-4A10-BEFD-EC0362085B7F" + } + ] + } + ] + } + ], "references": [ { "url": "http://zumtobel.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://yoroi.company/en/research/cve-advisory-partial-disclosure-zumtobel-multiple-vulnerabilities/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mitigation", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43608.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43608.json new file mode 100644 index 00000000000..d4c54cc5aa0 --- /dev/null +++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43608.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-43608", + "sourceIdentifier": "talos-cna@cisco.com", + "published": "2023-12-05T12:15:42.467", + "lastModified": "2023-12-05T12:15:42.467", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR functionality of Buildroot 2023.08.1 and dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "talos-cna@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "talos-cna@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-494" + } + ] + } + ], + "references": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1845", + "source": "talos-cna@cisco.com" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1845", + "source": "talos-cna@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43628.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43628.json new file mode 100644 index 00000000000..24bf15a1fed --- /dev/null +++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43628.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-43628", + "sourceIdentifier": "talos-cna@cisco.com", + "published": "2023-12-05T12:15:43.000", + "lastModified": "2023-12-05T12:15:43.000", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An integer overflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1~dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "talos-cna@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "talos-cna@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-191" + } + ] + } + ], + "references": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1860", + "source": "talos-cna@cisco.com" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1860", + "source": "talos-cna@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45838.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45838.json new file mode 100644 index 00000000000..804031244b1 --- /dev/null +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45838.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-45838", + "sourceIdentifier": "talos-cna@cisco.com", + "published": "2023-12-05T12:15:43.210", + "lastModified": "2023-12-05T12:15:43.210", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the `aufs` package." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "talos-cna@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "talos-cna@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-494" + } + ] + } + ], + "references": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844", + "source": "talos-cna@cisco.com" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1844", + "source": "talos-cna@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45839.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45839.json new file mode 100644 index 00000000000..82c1b10fa40 --- /dev/null +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45839.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-45839", + "sourceIdentifier": "talos-cna@cisco.com", + "published": "2023-12-05T12:15:43.397", + "lastModified": "2023-12-05T12:15:43.397", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the `aufs-util` package." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "talos-cna@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "talos-cna@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-494" + } + ] + } + ], + "references": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844", + "source": "talos-cna@cisco.com" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1844", + "source": "talos-cna@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45840.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45840.json new file mode 100644 index 00000000000..1522de4b7a9 --- /dev/null +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45840.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-45840", + "sourceIdentifier": "talos-cna@cisco.com", + "published": "2023-12-05T12:15:43.580", + "lastModified": "2023-12-05T12:15:43.580", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the `riscv64-elf-toolchain` package." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "talos-cna@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "talos-cna@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-494" + } + ] + } + ], + "references": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844", + "source": "talos-cna@cisco.com" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1844", + "source": "talos-cna@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45841.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45841.json new file mode 100644 index 00000000000..b8351e455df --- /dev/null +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45841.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-45841", + "sourceIdentifier": "talos-cna@cisco.com", + "published": "2023-12-05T12:15:43.773", + "lastModified": "2023-12-05T12:15:43.773", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the `versal-firmware` package." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "talos-cna@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "talos-cna@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-494" + } + ] + } + ], + "references": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844", + "source": "talos-cna@cisco.com" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1844", + "source": "talos-cna@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45842.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45842.json new file mode 100644 index 00000000000..8bbb78c4413 --- /dev/null +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45842.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-45842", + "sourceIdentifier": "talos-cna@cisco.com", + "published": "2023-12-05T12:15:43.967", + "lastModified": "2023-12-05T12:15:43.967", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Multiple data integrity vulnerabilities exist in the package hash checking functionality of Buildroot 2023.08.1 and Buildroot dev commit 622698d7847. A specially crafted man-in-the-middle attack can lead to arbitrary command execution in the builder.This vulnerability is related to the `mxsldr` package." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "talos-cna@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "talos-cna@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-494" + } + ] + } + ], + "references": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844", + "source": "talos-cna@cisco.com" + }, + { + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1844", + "source": "talos-cna@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4912.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4912.json index 306217b8ffe..aa6d0f4601e 100644 --- a/CVE-2023/CVE-2023-49xx/CVE-2023-4912.json +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4912.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-4912", "sourceIdentifier": "cve@gitlab.com", "published": "2023-12-01T07:15:11.387", - "lastModified": "2023-12-01T13:54:29.567", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-12-05T12:15:44.170", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -21,19 +21,19 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", - "attackComplexity": "LOW", + "attackComplexity": "HIGH", "privilegesRequired": "LOW", - "userInteraction": "NONE", + "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", - "baseScore": 4.3, - "baseSeverity": "MEDIUM" + "baseScore": 2.6, + "baseSeverity": "LOW" }, - "exploitabilityScore": 2.8, + "exploitabilityScore": 1.2, "impactScore": 1.4 } ] diff --git a/README.md b/README.md index 8d51e45bf54..650ffb7a3ad 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-05T11:00:17.638302+00:00 +2023-12-05T13:02:17.124636+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-05T10:15:07.960000+00:00 +2023-12-05T12:56:50.947000+00:00 ``` ### Last Data Feed Release 
@@ -29,23 +29,30 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -232325 +232332 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `7` -* [CVE-2023-41835](CVE-2023/CVE-2023-418xx/CVE-2023-41835.json) (`2023-12-05T09:15:07.093`) +* [CVE-2023-43608](CVE-2023/CVE-2023-436xx/CVE-2023-43608.json) (`2023-12-05T12:15:42.467`) +* [CVE-2023-43628](CVE-2023/CVE-2023-436xx/CVE-2023-43628.json) (`2023-12-05T12:15:43.000`) +* [CVE-2023-45838](CVE-2023/CVE-2023-458xx/CVE-2023-45838.json) (`2023-12-05T12:15:43.210`) +* [CVE-2023-45839](CVE-2023/CVE-2023-458xx/CVE-2023-45839.json) (`2023-12-05T12:15:43.397`) +* [CVE-2023-45840](CVE-2023/CVE-2023-458xx/CVE-2023-45840.json) (`2023-12-05T12:15:43.580`) +* [CVE-2023-45841](CVE-2023/CVE-2023-458xx/CVE-2023-45841.json) (`2023-12-05T12:15:43.773`) +* [CVE-2023-45842](CVE-2023/CVE-2023-458xx/CVE-2023-45842.json) (`2023-12-05T12:15:43.967`) ### CVEs modified in the last Commit -Recently modified CVEs: `3` +Recently modified CVEs: `4` -* [CVE-2021-39236](CVE-2021/CVE-2021-392xx/CVE-2021-39236.json) (`2023-12-05T10:15:07.490`) -* [CVE-2023-44330](CVE-2023/CVE-2023-443xx/CVE-2023-44330.json) (`2023-12-05T09:15:07.197`) -* [CVE-2023-46589](CVE-2023/CVE-2023-465xx/CVE-2023-46589.json) (`2023-12-05T10:15:07.960`) +* [CVE-2023-4912](CVE-2023/CVE-2023-49xx/CVE-2023-4912.json) (`2023-12-05T12:15:44.170`) +* [CVE-2023-23324](CVE-2023/CVE-2023-233xx/CVE-2023-23324.json) (`2023-12-05T12:39:44.770`) +* [CVE-2023-23325](CVE-2023/CVE-2023-233xx/CVE-2023-23325.json) (`2023-12-05T12:48:15.773`) +* [CVE-2023-24294](CVE-2023/CVE-2023-242xx/CVE-2023-24294.json) (`2023-12-05T12:56:50.947`) ## Download and Usage