Auto-Update: 2023-10-11T02:00:24.535452+00:00

2025-05-08 11:37:26 +00:00 · 2023-10-11 02:00:28 +00:00 · 2023-10-11 02:00:28 +00:00 · 3694c00324
commit 3694c00324
parent 9d953f7e47
5 changed files with 161 additions and 34 deletions
--- a/CVE-2023/CVE-2023-444xx/CVE-2023-44487.json
+++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44487.json
@ -2,8 +2,12 @@
  "id": "CVE-2023-44487",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-10-10T14:15:10.883",
-  "lastModified": "2023-10-10T22:15:11.710",
+  "lastModified": "2023-10-11T01:15:08.693",
  "vulnStatus": "Awaiting Analysis",
+  "cisaExploitAdd": "2023-10-10",
+  "cisaActionDue": "2023-10-31",
+  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
+  "cisaVulnerabilityName": "HTTP/2 Rapid Reset Attack Vulnerability",
  "descriptions": [
    {
      "lang": "en",
@ -24,6 +28,10 @@
      "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/",
      "source": "cve@mitre.org"
    },
+    {
+      "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack",
+      "source": "cve@mitre.org"
+    },
    {
      "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988",
      "source": "cve@mitre.org"
@ -56,6 +64,10 @@
      "url": "https://github.com/advisories/GHSA-vx74-f528-fxqg",
      "source": "cve@mitre.org"
    },
+    {
+      "url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p",
+      "source": "cve@mitre.org"
+    },
    {
      "url": "https://github.com/alibaba/tengine/issues/1872",
      "source": "cve@mitre.org"
@ -120,6 +132,10 @@
      "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244",
      "source": "cve@mitre.org"
    },
+    {
+      "url": "https://github.com/kubernetes/kubernetes/pull/121120",
+      "source": "cve@mitre.org"
+    },
    {
      "url": "https://github.com/micrictor/http2-rst-stream",
      "source": "cve@mitre.org"
@ -144,6 +160,14 @@
      "url": "https://github.com/nodejs/node/pull/50121",
      "source": "cve@mitre.org"
    },
+    {
+      "url": "https://github.com/opensearch-project/data-prepper/issues/3474",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/oqtane/oqtane.framework/discussions/3367",
+      "source": "cve@mitre.org"
+    },
    {
      "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo",
      "source": "cve@mitre.org"
@ -168,6 +192,10 @@
      "url": "https://my.f5.com/manage/s/article/K000137106",
      "source": "cve@mitre.org"
    },
+    {
+      "url": "https://netty.io/news/2023/10/10/4-1-100-Final.html",
+      "source": "cve@mitre.org"
+    },
    {
      "url": "https://news.ycombinator.com/item?id=37830987",
      "source": "cve@mitre.org"
@ -180,6 +208,10 @@
      "url": "https://news.ycombinator.com/item?id=37831062",
      "source": "cve@mitre.org"
    },
+    {
+      "url": "https://news.ycombinator.com/item?id=37837043",
+      "source": "cve@mitre.org"
+    },
    {
      "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/",
      "source": "cve@mitre.org"
@ -196,6 +228,14 @@
      "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/",
      "source": "cve@mitre.org"
    },
+    {
+      "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487",
+      "source": "cve@mitre.org"
+    },
    {
      "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
      "source": "cve@mitre.org"
@ -207,6 +247,10 @@
    {
      "url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack",
      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/",
+      "source": "cve@mitre.org"
    }
  ]
 }
--- a/CVE-2023/CVE-2023-446xx/CVE-2023-44689.json
+++ b/CVE-2023/CVE-2023-446xx/CVE-2023-44689.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-44689",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2023-10-11T01:15:08.780",
+  "lastModified": "2023-10-11T01:15:08.780",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "e-Gov Client Application (Windows version) versions prior to 2.1.1.0 and e-Gov Client Application (macOS version) versions prior to 1.1.1.0 are vulnerable to improper authorization in handler for custom URL scheme. A crafted URL may direct the product to access an arbitrary website. As a result, the user may become a victim of a phishing attack."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/jp/JVN15808274/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://shinsei.e-gov.go.jp/contents/news/2023-03-12t1022040900_1318.html",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45194.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45194.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-45194",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2023-10-11T01:15:08.837",
+  "lastModified": "2023-10-11T01:15:08.837",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 (-D/-K/-S/-DK/-DKS/-M/-W) firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication, when the affected product performs the communication without changing the pre-shared key from the factory-default configuration."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/vu/JVNVU99039725/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.mrl.co.jp/20231005_security/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-55xx/CVE-2023-5511.json
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5511.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-5511",
+  "sourceIdentifier": "security@huntr.dev",
+  "published": "2023-10-11T01:15:08.887",
+  "lastModified": "2023-10-11T01:15:08.887",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "security@huntr.dev",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@huntr.dev",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/snipe/snipe-it/commit/6d55d782806c9660e9e65dc5250faacb5d0033ed",
+      "source": "security@huntr.dev"
+    },
+    {
+      "url": "https://huntr.dev/bounties/43206801-9862-48da-b379-e55e341d78bf",
+      "source": "security@huntr.dev"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-10-10T23:55:25.317069+00:00
+2023-10-11T02:00:24.535452+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-10-10T23:25:33.373000+00:00
+2023-10-11T01:15:08.887000+00:00
 ```

 ### Last Data Feed Release
@ -23,53 +23,29 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2023-10-10T00:00:13.573507+00:00
+2023-10-11T00:00:13.566195+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-227520
+227523
 ```

 ### CVEs added in the last Commit

 Recently added CVEs: `3`

-* [CVE-2023-36126](CVE-2023/CVE-2023-361xx/CVE-2023-36126.json) (`2023-10-10T22:15:11.370`)
-* [CVE-2023-36127](CVE-2023/CVE-2023-361xx/CVE-2023-36127.json) (`2023-10-10T22:15:11.417`)
-* [CVE-2023-26220](CVE-2023/CVE-2023-262xx/CVE-2023-26220.json) (`2023-10-10T23:15:09.933`)
+* [CVE-2023-44689](CVE-2023/CVE-2023-446xx/CVE-2023-44689.json) (`2023-10-11T01:15:08.780`)
+* [CVE-2023-45194](CVE-2023/CVE-2023-451xx/CVE-2023-45194.json) (`2023-10-11T01:15:08.837`)
+* [CVE-2023-5511](CVE-2023/CVE-2023-55xx/CVE-2023-5511.json) (`2023-10-11T01:15:08.887`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `32`
+Recently modified CVEs: `1`

-* [CVE-2022-29531](CVE-2022/CVE-2022-295xx/CVE-2022-29531.json) (`2023-10-10T22:15:10.817`)
-* [CVE-2022-29532](CVE-2022/CVE-2022-295xx/CVE-2022-29532.json) (`2023-10-10T22:15:10.890`)
-* [CVE-2022-29534](CVE-2022/CVE-2022-295xx/CVE-2022-29534.json) (`2023-10-10T22:15:10.957`)
-* [CVE-2022-34180](CVE-2022/CVE-2022-341xx/CVE-2022-34180.json) (`2023-10-10T22:15:11.043`)
-* [CVE-2022-41230](CVE-2022/CVE-2022-412xx/CVE-2022-41230.json) (`2023-10-10T22:15:11.177`)
-* [CVE-2022-48328](CVE-2022/CVE-2022-483xx/CVE-2022-48328.json) (`2023-10-10T22:15:11.283`)
-* [CVE-2023-43641](CVE-2023/CVE-2023-436xx/CVE-2023-43641.json) (`2023-10-10T22:15:11.540`)
-* [CVE-2023-44389](CVE-2023/CVE-2023-443xx/CVE-2023-44389.json) (`2023-10-10T22:15:11.623`)
-* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-10-10T22:15:11.710`)
-* [CVE-2023-38997](CVE-2023/CVE-2023-389xx/CVE-2023-38997.json) (`2023-10-10T23:15:10.033`)
-* [CVE-2023-38998](CVE-2023/CVE-2023-389xx/CVE-2023-38998.json) (`2023-10-10T23:15:10.107`)
-* [CVE-2023-38999](CVE-2023/CVE-2023-389xx/CVE-2023-38999.json) (`2023-10-10T23:15:10.170`)
-* [CVE-2023-39000](CVE-2023/CVE-2023-390xx/CVE-2023-39000.json) (`2023-10-10T23:15:10.240`)
-* [CVE-2023-39001](CVE-2023/CVE-2023-390xx/CVE-2023-39001.json) (`2023-10-10T23:15:10.307`)
-* [CVE-2023-39002](CVE-2023/CVE-2023-390xx/CVE-2023-39002.json) (`2023-10-10T23:15:10.367`)
-* [CVE-2023-39003](CVE-2023/CVE-2023-390xx/CVE-2023-39003.json) (`2023-10-10T23:15:10.427`)
-* [CVE-2023-39004](CVE-2023/CVE-2023-390xx/CVE-2023-39004.json) (`2023-10-10T23:15:10.507`)
-* [CVE-2023-39005](CVE-2023/CVE-2023-390xx/CVE-2023-39005.json) (`2023-10-10T23:15:10.577`)
-* [CVE-2023-39006](CVE-2023/CVE-2023-390xx/CVE-2023-39006.json) (`2023-10-10T23:15:10.640`)
-* [CVE-2023-39007](CVE-2023/CVE-2023-390xx/CVE-2023-39007.json) (`2023-10-10T23:15:10.710`)
-* [CVE-2023-39008](CVE-2023/CVE-2023-390xx/CVE-2023-39008.json) (`2023-10-10T23:15:10.780`)
-* [CVE-2023-42824](CVE-2023/CVE-2023-428xx/CVE-2023-42824.json) (`2023-10-10T23:15:10.847`)
-* [CVE-2023-43871](CVE-2023/CVE-2023-438xx/CVE-2023-43871.json) (`2023-10-10T23:15:10.913`)
-* [CVE-2023-43877](CVE-2023/CVE-2023-438xx/CVE-2023-43877.json) (`2023-10-10T23:15:10.983`)
-* [CVE-2023-45312](CVE-2023/CVE-2023-453xx/CVE-2023-45312.json) (`2023-10-10T23:25:33.373`)
+* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-10-11T01:15:08.693`)


 ## Download and Usage