From 3694c00324f041c346acf33609fa252fce9fdd79 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 11 Oct 2023 02:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-10-11T02:00:24.535452+00:00 --- CVE-2023/CVE-2023-444xx/CVE-2023-44487.json | 46 +++++++++++++++- CVE-2023/CVE-2023-446xx/CVE-2023-44689.json | 24 +++++++++ CVE-2023/CVE-2023-451xx/CVE-2023-45194.json | 24 +++++++++ CVE-2023/CVE-2023-55xx/CVE-2023-5511.json | 59 +++++++++++++++++++++ README.md | 42 ++++----------- 5 files changed, 161 insertions(+), 34 deletions(-) create mode 100644 CVE-2023/CVE-2023-446xx/CVE-2023-44689.json create mode 100644 CVE-2023/CVE-2023-451xx/CVE-2023-45194.json create mode 100644 CVE-2023/CVE-2023-55xx/CVE-2023-5511.json diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44487.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44487.json index 69e0bcedaac..bc367347183 100644 --- a/CVE-2023/CVE-2023-444xx/CVE-2023-44487.json +++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44487.json @@ -2,8 +2,12 @@ "id": "CVE-2023-44487", "sourceIdentifier": "cve@mitre.org", "published": "2023-10-10T14:15:10.883", - "lastModified": "2023-10-10T22:15:11.710", + "lastModified": "2023-10-11T01:15:08.693", "vulnStatus": "Awaiting Analysis", + "cisaExploitAdd": "2023-10-10", + "cisaActionDue": "2023-10-31", + "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "cisaVulnerabilityName": "HTTP/2 Rapid Reset Attack Vulnerability", "descriptions": [ { "lang": "en", @@ -24,6 +28,10 @@ "url": "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/", "source": "cve@mitre.org" }, + { + "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack", + "source": "cve@mitre.org" + }, { "url": "https://bugzilla.proxmox.com/show_bug.cgi?id=4988", "source": "cve@mitre.org" @@ -56,6 +64,10 @@ "url": "https://github.com/advisories/GHSA-vx74-f528-fxqg", "source": "cve@mitre.org" }, + { + "url": "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p", + "source": "cve@mitre.org" + }, { "url": "https://github.com/alibaba/tengine/issues/1872", "source": "cve@mitre.org" @@ -120,6 +132,10 @@ "url": "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244", "source": "cve@mitre.org" }, + { + "url": "https://github.com/kubernetes/kubernetes/pull/121120", + "source": "cve@mitre.org" + }, { "url": "https://github.com/micrictor/http2-rst-stream", "source": "cve@mitre.org" @@ -144,6 +160,14 @@ "url": "https://github.com/nodejs/node/pull/50121", "source": "cve@mitre.org" }, + { + "url": "https://github.com/opensearch-project/data-prepper/issues/3474", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/oqtane/oqtane.framework/discussions/3367", + "source": "cve@mitre.org" + }, { "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo", "source": "cve@mitre.org" @@ -168,6 +192,10 @@ "url": "https://my.f5.com/manage/s/article/K000137106", "source": "cve@mitre.org" }, + { + "url": "https://netty.io/news/2023/10/10/4-1-100-Final.html", + "source": "cve@mitre.org" + }, { "url": "https://news.ycombinator.com/item?id=37830987", "source": "cve@mitre.org" @@ -180,6 +208,10 @@ "url": "https://news.ycombinator.com/item?id=37831062", "source": "cve@mitre.org" }, + { + "url": "https://news.ycombinator.com/item?id=37837043", + "source": "cve@mitre.org" + }, { "url": "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/", "source": "cve@mitre.org" @@ -196,6 +228,14 @@ "url": "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/", "source": "cve@mitre.org" }, + { + "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", + "source": "cve@mitre.org" + }, + { + "url": "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487", + "source": "cve@mitre.org" + }, { "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", "source": "cve@mitre.org" @@ -207,6 +247,10 @@ { "url": "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack", "source": "cve@mitre.org" + }, + { + "url": "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-446xx/CVE-2023-44689.json b/CVE-2023/CVE-2023-446xx/CVE-2023-44689.json new file mode 100644 index 00000000000..5b805de8335 --- /dev/null +++ b/CVE-2023/CVE-2023-446xx/CVE-2023-44689.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-44689", + "sourceIdentifier": "vultures@jpcert.or.jp", + "published": "2023-10-11T01:15:08.780", + "lastModified": "2023-10-11T01:15:08.780", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "e-Gov Client Application (Windows version) versions prior to 2.1.1.0 and e-Gov Client Application (macOS version) versions prior to 1.1.1.0 are vulnerable to improper authorization in handler for custom URL scheme. A crafted URL may direct the product to access an arbitrary website. As a result, the user may become a victim of a phishing attack." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://jvn.jp/en/jp/JVN15808274/", + "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://shinsei.e-gov.go.jp/contents/news/2023-03-12t1022040900_1318.html", + "source": "vultures@jpcert.or.jp" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45194.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45194.json new file mode 100644 index 00000000000..dc925d875f6 --- /dev/null +++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45194.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-45194", + "sourceIdentifier": "vultures@jpcert.or.jp", + "published": "2023-10-11T01:15:08.837", + "lastModified": "2023-10-11T01:15:08.837", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 (-D/-K/-S/-DK/-DKS/-M/-W) firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication, when the affected product performs the communication without changing the pre-shared key from the factory-default configuration." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://jvn.jp/en/vu/JVNVU99039725/", + "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://www.mrl.co.jp/20231005_security/", + "source": "vultures@jpcert.or.jp" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5511.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5511.json new file mode 100644 index 00000000000..23d65f4cc5a --- /dev/null +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5511.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-5511", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-10-11T01:15:08.887", + "lastModified": "2023-10-11T01:15:08.887", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/snipe/snipe-it/commit/6d55d782806c9660e9e65dc5250faacb5d0033ed", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.dev/bounties/43206801-9862-48da-b379-e55e341d78bf", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index b12ae330ee9..dfa84d8e22d 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-10-10T23:55:25.317069+00:00 +2023-10-11T02:00:24.535452+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-10-10T23:25:33.373000+00:00 +2023-10-11T01:15:08.887000+00:00 ``` ### Last Data Feed Release @@ -23,53 +23,29 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-10-10T00:00:13.573507+00:00 +2023-10-11T00:00:13.566195+00:00 ``` ### Total Number of included CVEs ```plain -227520 +227523 ``` ### CVEs added in the last Commit Recently added CVEs: `3` -* [CVE-2023-36126](CVE-2023/CVE-2023-361xx/CVE-2023-36126.json) (`2023-10-10T22:15:11.370`) -* [CVE-2023-36127](CVE-2023/CVE-2023-361xx/CVE-2023-36127.json) (`2023-10-10T22:15:11.417`) -* [CVE-2023-26220](CVE-2023/CVE-2023-262xx/CVE-2023-26220.json) (`2023-10-10T23:15:09.933`) +* [CVE-2023-44689](CVE-2023/CVE-2023-446xx/CVE-2023-44689.json) (`2023-10-11T01:15:08.780`) +* [CVE-2023-45194](CVE-2023/CVE-2023-451xx/CVE-2023-45194.json) (`2023-10-11T01:15:08.837`) +* [CVE-2023-5511](CVE-2023/CVE-2023-55xx/CVE-2023-5511.json) (`2023-10-11T01:15:08.887`) ### CVEs modified in the last Commit -Recently modified CVEs: `32` +Recently modified CVEs: `1` -* [CVE-2022-29531](CVE-2022/CVE-2022-295xx/CVE-2022-29531.json) (`2023-10-10T22:15:10.817`) -* [CVE-2022-29532](CVE-2022/CVE-2022-295xx/CVE-2022-29532.json) (`2023-10-10T22:15:10.890`) -* [CVE-2022-29534](CVE-2022/CVE-2022-295xx/CVE-2022-29534.json) (`2023-10-10T22:15:10.957`) -* [CVE-2022-34180](CVE-2022/CVE-2022-341xx/CVE-2022-34180.json) (`2023-10-10T22:15:11.043`) -* [CVE-2022-41230](CVE-2022/CVE-2022-412xx/CVE-2022-41230.json) (`2023-10-10T22:15:11.177`) -* [CVE-2022-48328](CVE-2022/CVE-2022-483xx/CVE-2022-48328.json) (`2023-10-10T22:15:11.283`) -* [CVE-2023-43641](CVE-2023/CVE-2023-436xx/CVE-2023-43641.json) (`2023-10-10T22:15:11.540`) -* [CVE-2023-44389](CVE-2023/CVE-2023-443xx/CVE-2023-44389.json) (`2023-10-10T22:15:11.623`) -* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-10-10T22:15:11.710`) -* [CVE-2023-38997](CVE-2023/CVE-2023-389xx/CVE-2023-38997.json) (`2023-10-10T23:15:10.033`) -* [CVE-2023-38998](CVE-2023/CVE-2023-389xx/CVE-2023-38998.json) (`2023-10-10T23:15:10.107`) -* [CVE-2023-38999](CVE-2023/CVE-2023-389xx/CVE-2023-38999.json) (`2023-10-10T23:15:10.170`) -* [CVE-2023-39000](CVE-2023/CVE-2023-390xx/CVE-2023-39000.json) (`2023-10-10T23:15:10.240`) -* [CVE-2023-39001](CVE-2023/CVE-2023-390xx/CVE-2023-39001.json) (`2023-10-10T23:15:10.307`) -* [CVE-2023-39002](CVE-2023/CVE-2023-390xx/CVE-2023-39002.json) (`2023-10-10T23:15:10.367`) -* [CVE-2023-39003](CVE-2023/CVE-2023-390xx/CVE-2023-39003.json) (`2023-10-10T23:15:10.427`) -* [CVE-2023-39004](CVE-2023/CVE-2023-390xx/CVE-2023-39004.json) (`2023-10-10T23:15:10.507`) -* [CVE-2023-39005](CVE-2023/CVE-2023-390xx/CVE-2023-39005.json) (`2023-10-10T23:15:10.577`) -* [CVE-2023-39006](CVE-2023/CVE-2023-390xx/CVE-2023-39006.json) (`2023-10-10T23:15:10.640`) -* [CVE-2023-39007](CVE-2023/CVE-2023-390xx/CVE-2023-39007.json) (`2023-10-10T23:15:10.710`) -* [CVE-2023-39008](CVE-2023/CVE-2023-390xx/CVE-2023-39008.json) (`2023-10-10T23:15:10.780`) -* [CVE-2023-42824](CVE-2023/CVE-2023-428xx/CVE-2023-42824.json) (`2023-10-10T23:15:10.847`) -* [CVE-2023-43871](CVE-2023/CVE-2023-438xx/CVE-2023-43871.json) (`2023-10-10T23:15:10.913`) -* [CVE-2023-43877](CVE-2023/CVE-2023-438xx/CVE-2023-43877.json) (`2023-10-10T23:15:10.983`) -* [CVE-2023-45312](CVE-2023/CVE-2023-453xx/CVE-2023-45312.json) (`2023-10-10T23:25:33.373`) +* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-10-11T01:15:08.693`) ## Download and Usage