From 387e9863ecd6bc8770791481c869aee54f52c871 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 10 Nov 2023 09:00:23 +0000 Subject: [PATCH] Auto-Update: 2023-11-10T09:00:19.670669+00:00 --- CVE-2022/CVE-2022-49xx/CVE-2022-4949.json | 6 ++- CVE-2023/CVE-2023-468xx/CVE-2023-46819.json | 14 ++--- CVE-2023/CVE-2023-472xx/CVE-2023-47248.json | 10 +++- CVE-2023/CVE-2023-478xx/CVE-2023-47800.json | 24 +++++++++ CVE-2023/CVE-2023-60xx/CVE-2023-6073.json | 59 +++++++++++++++++++++ README.md | 16 +++--- 6 files changed, 113 insertions(+), 16 deletions(-) create mode 100644 CVE-2023/CVE-2023-478xx/CVE-2023-47800.json create mode 100644 CVE-2023/CVE-2023-60xx/CVE-2023-6073.json diff --git a/CVE-2022/CVE-2022-49xx/CVE-2022-4949.json b/CVE-2022/CVE-2022-49xx/CVE-2022-4949.json index 18567f8cbd3..12aa0e3b768 100644 --- a/CVE-2022/CVE-2022-49xx/CVE-2022-4949.json +++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4949.json @@ -2,7 +2,7 @@ "id": "CVE-2022-4949", "sourceIdentifier": "security@wordfence.com", "published": "2023-06-07T02:15:15.750", - "lastModified": "2023-11-09T18:15:07.463", + "lastModified": "2023-11-10T07:15:07.513", "vulnStatus": "Modified", "descriptions": [ { @@ -93,6 +93,10 @@ "url": "http://www.openwall.com/lists/oss-security/2023/11/09/3", "source": "security@wordfence.com" }, + { + "url": "http://xenbits.xen.org/xsa/advisory-443.html", + "source": "security@wordfence.com" + }, { "url": "https://blog.nintechnet.com/critical-vulnerability-in-wordpress-adsanity-plugin/", "source": "security@wordfence.com", diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46819.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46819.json index ac56a2f3794..23c4be1e0c0 100644 --- a/CVE-2023/CVE-2023-468xx/CVE-2023-46819.json +++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46819.json 
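Review bot: The reference added in the second hunk of CVE-2022-4949.json, `"url": "http://xenbits.xen.org/xsa/advisory-443.html"`, points to a Xen Project advisory, while the neighbouring context reference in the same list concerns a WordPress AdSanity plugin and the record's source is security@wordfence.com, so the link looks mis-associated upstream rather than related to this CVE. Because this repository synchronizes with the NVD, the entry should not be hand-edited here; the correction belongs upstream and would arrive with a later sync. Until then, tooling that correlates references with affected products or advisories should treat this record's reference list as unverified, for example by checking that a reference's vendor domain matches the product before linking them. The record's `descriptions` text lies outside the hunk, so the mismatch is inferred from the visible URLs only.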
@@ -2,18 +2,22 @@ "id": "CVE-2023-46819", "sourceIdentifier": "security@apache.org", "published": "2023-11-07T11:15:10.937", - "lastModified": "2023-11-07T12:15:10.797", + "lastModified": "2023-11-10T08:15:07.830", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin.\nThis issue affects Apache OFBiz: before 18.12.09.\u00a0\n\nUsers are recommended to upgrade to version 18.12.09\n\n" + }, + { + "lang": "es", + "value": "Falta autenticaci\u00f3n en Apache Software Foundation Apache OFBiz cuando se usa el complemento Solr. Este problema afecta a Apache OFBiz: antes del 18.12.09. Se recomienda a los usuarios actualizar a la versi\u00f3n 18.12.09" } ], "metrics": {}, "weaknesses": [ { - "source": "f0158376-9dc2-43b6-827c-5f631a4d8d09", + "source": "security@apache.org", "type": "Secondary", "description": [ { @@ -25,11 +29,7 @@ ], "references": [ { - "url": "http://www.openwall.com/lists/oss-security/2023/11/07/2", - "source": "security@apache.org" - }, - { - "url": "https://lists.apache.org/thread/h1m85f18yh0oljbf10p603o9h4nmfxrc", + "url": "https://lists.apache.org/thread/mm5j0rsbl22q7yb0nmb6h2swbfjbwv99", "source": "security@apache.org" }, { diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47248.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47248.json index 6f384c1ba09..4e7c9effc4f 100644 --- a/CVE-2023/CVE-2023-472xx/CVE-2023-47248.json +++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47248.json @@ -2,7 +2,7 @@ "id": "CVE-2023-47248", "sourceIdentifier": "security@apache.org", "published": "2023-11-09T09:15:08.223", - "lastModified": "2023-11-09T13:46:10.880", + "lastModified": "2023-11-10T08:15:08.007", "vulnStatus": "Awaiting Analysis", "descriptions": [ { 
@@ -24,9 +24,17 @@ } ], "references": [ + { + "url": "https://github.com/apache/arrow/commit/f14170976372436ec1d03a724d8d3f3925484ecf", + "source": "security@apache.org" + }, { "url": "https://lists.apache.org/thread/yhy7tdfjf9hrl9vfrtzo8p2cyjq87v7n", "source": "security@apache.org" + }, + { + "url": "https://pypi.org/project/pyarrow-hotfix/", + "source": "security@apache.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47800.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47800.json new file mode 100644 index 00000000000..360106fbfcf --- /dev/null +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47800.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-47800", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-11-10T07:15:07.910", + "lastModified": "2023-11-10T07:15:07.910", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://partner.natus.com/m/7cd3bcca88e446d4/original/NeuroWorks-SleepWorks-Product-Security-Bulletin.pdf", + "source": "cve@mitre.org" + }, + { + "url": "https://www.trustwave.com/hubfs/Web/Library/Advisories_txt/TWSL2023-006.txt", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6073.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6073.json new file mode 100644 index 00000000000..f2fa56b1e37 --- /dev/null +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6073.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-6073", + "sourceIdentifier": "cve@asrg.io", + "published": "2023-11-10T08:15:08.100", + "lastModified": "2023-11-10T08:15:08.100", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Attacker can perform a Denial of Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 (and other vehicles of the VW Group with the same hardware) and spoof volume setting commands to irreversibly turn on audio volume to maximum via REST API calls.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@asrg.io", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "cve@asrg.io", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + }, + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://asrg.io/cve-2023-6073-dos-and-control-of-volume-settings-for-vw-id-3-icas3-ivi-ecu/", + "source": "cve@asrg.io" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 7a4625f1238..2503884b159 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-10T07:00:19.347865+00:00 +2023-11-10T09:00:19.670669+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-10T06:15:30.510000+00:00 +2023-11-10T08:15:08.100000+00:00 ``` ### Last Data Feed Release 
@@ -29,22 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -230311 +230313 ``` ### CVEs added in the last Commit Recently added CVEs: `2` -* [CVE-2023-39796](CVE-2023/CVE-2023-397xx/CVE-2023-39796.json) (`2023-11-10T06:15:30.410`) -* [CVE-2023-47246](CVE-2023/CVE-2023-472xx/CVE-2023-47246.json) (`2023-11-10T06:15:30.510`) +* [CVE-2023-47800](CVE-2023/CVE-2023-478xx/CVE-2023-47800.json) (`2023-11-10T07:15:07.910`) +* [CVE-2023-6073](CVE-2023/CVE-2023-60xx/CVE-2023-6073.json) (`2023-11-10T08:15:08.100`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `3` -* [CVE-2023-32439](CVE-2023/CVE-2023-324xx/CVE-2023-32439.json) (`2023-11-10T05:15:08.367`) +* [CVE-2022-4949](CVE-2022/CVE-2022-49xx/CVE-2022-4949.json) (`2023-11-10T07:15:07.513`) +* [CVE-2023-46819](CVE-2023/CVE-2023-468xx/CVE-2023-46819.json) (`2023-11-10T08:15:07.830`) +* [CVE-2023-47248](CVE-2023/CVE-2023-472xx/CVE-2023-47248.json) (`2023-11-10T08:15:08.007`) ## Download and Usage