diff --git a/CVE-2023/CVE-2023-19xx/CVE-2023-1904.json b/CVE-2023/CVE-2023-19xx/CVE-2023-1904.json new file mode 100644 index 00000000000..0dd62369965 --- /dev/null +++ b/CVE-2023/CVE-2023-19xx/CVE-2023-1904.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-1904", + "sourceIdentifier": "security@octopus.com", + "published": "2023-12-14T08:15:36.550", + "lastModified": "2023-12-14T08:15:36.550", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@octopus.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 2.5 + } + ] + }, + "references": [ + { + "url": "https://advisories.octopus.com/post/2023/sa2023-12/", + "source": "security@octopus.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2247.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2247.json index 88d424d4504..b7b09dc6b30 100644 --- a/CVE-2023/CVE-2023-22xx/CVE-2023-2247.json +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2247.json @@ -2,12 +2,12 @@ "id": "CVE-2023-2247", "sourceIdentifier": "security@octopus.com", "published": "2023-05-02T05:15:28.113", - "lastModified": "2023-05-09T18:23:24.153", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-14T07:15:08.650", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function" + "value": "In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function\n\n" } ], "metrics": { diff --git a/CVE-2023/CVE-2023-256xx/CVE-2023-25642.json b/CVE-2023/CVE-2023-256xx/CVE-2023-25642.json new file mode 100644 index 00000000000..37f994e43a2 --- /dev/null +++ b/CVE-2023/CVE-2023-256xx/CVE-2023-25642.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-25642", + "sourceIdentifier": "psirt@zte.com.cn", + "published": "2023-12-14T08:15:37.717", + "lastModified": "2023-12-14T08:15:37.717", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nThere is a buffer overflow vulnerability in some ZTE\u00a0mobile internet\u00a0producsts. Due to insufficient validation of tcp port parameter,\u00a0an authenticated attacker could use the vulnerability to perform a denial of service attack.\u00a0\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@zte.com.cn", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@zte.com.cn", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504", + "source": "psirt@zte.com.cn" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-256xx/CVE-2023-25643.json b/CVE-2023/CVE-2023-256xx/CVE-2023-25643.json new file mode 100644 index 00000000000..5c0bfb84575 --- /dev/null +++ b/CVE-2023/CVE-2023-256xx/CVE-2023-25643.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-25643", + "sourceIdentifier": "psirt@zte.com.cn", + "published": "2023-12-14T08:15:38.357", + "lastModified": "2023-12-14T08:15:38.357", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\n\n\nThere is a command injection vulnerability in some ZTE mobile internet\u00a0products. Due to insufficient input\u00a0validation of\u00a0multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@zte.com.cn", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.7, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@zte.com.cn", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "references": [ + { + "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504", + "source": "psirt@zte.com.cn" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-256xx/CVE-2023-25644.json b/CVE-2023/CVE-2023-256xx/CVE-2023-25644.json new file mode 100644 index 00000000000..c431e2a4a15 --- /dev/null +++ b/CVE-2023/CVE-2023-256xx/CVE-2023-25644.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-25644", + "sourceIdentifier": "psirt@zte.com.cn", + "published": "2023-12-14T08:15:38.997", + "lastModified": "2023-12-14T08:15:38.997", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nThere is a denial of service vulnerability in some ZTE\u00a0mobile internet products. Due to insufficient validation of Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@zte.com.cn", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@zte.com.cn", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-755" + } + ] + } + ], + "references": [ + { + "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032624", + "source": "psirt@zte.com.cn" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-256xx/CVE-2023-25648.json b/CVE-2023/CVE-2023-256xx/CVE-2023-25648.json new file mode 100644 index 00000000000..3a6a7e852dd --- /dev/null +++ b/CVE-2023/CVE-2023-256xx/CVE-2023-25648.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-25648", + "sourceIdentifier": "psirt@zte.com.cn", + "published": "2023-12-14T07:15:07.180", + "lastModified": "2023-12-14T07:15:07.180", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nThere is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product. Due to weak folder permission, an attacker with ordinary user privileges could construct a fake DLL\u00a0to execute command to escalate local privileges.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@zte.com.cn", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@zte.com.cn", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + } + ], + "references": [ + { + "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032584", + "source": "psirt@zte.com.cn" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-256xx/CVE-2023-25650.json b/CVE-2023/CVE-2023-256xx/CVE-2023-25650.json new file mode 100644 index 00000000000..8c851d3d1a7 --- /dev/null +++ b/CVE-2023/CVE-2023-256xx/CVE-2023-25650.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-25650", + "sourceIdentifier": "psirt@zte.com.cn", + "published": "2023-12-14T07:15:07.783", + "lastModified": "2023-12-14T07:15:07.783", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nThere is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@zte.com.cn", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@zte.com.cn", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032904", + "source": "psirt@zte.com.cn" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-256xx/CVE-2023-25651.json b/CVE-2023/CVE-2023-256xx/CVE-2023-25651.json new file mode 100644 index 00000000000..48d483a077e --- /dev/null +++ b/CVE-2023/CVE-2023-256xx/CVE-2023-25651.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-25651", + "sourceIdentifier": "psirt@zte.com.cn", + "published": "2023-12-14T07:15:08.270", + "lastModified": "2023-12-14T07:15:08.270", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nThere is a SQL injection vulnerability in some ZTE mobile internet\u00a0products.\u00a0Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@zte.com.cn", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@zte.com.cn", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032684", + "source": "psirt@zte.com.cn" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-409xx/CVE-2023-40997.json b/CVE-2023/CVE-2023-409xx/CVE-2023-40997.json index 80d9cff77d7..50fae9c2c94 100644 --- a/CVE-2023/CVE-2023-409xx/CVE-2023-40997.json +++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40997.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40997", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-28T22:15:10.030", - "lastModified": "2023-08-31T00:26:33.640", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-14T08:15:39.727", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -72,6 +72,10 @@ "Issue Tracking", "Vendor Advisory" ] + }, + { + "url": "https://www.trendmicro.com/en_us/research/23/l/the-current-state-of-open-ran-security.html", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-409xx/CVE-2023-40998.json b/CVE-2023/CVE-2023-409xx/CVE-2023-40998.json index 1dda6862dc6..2ca8465e53f 100644 --- a/CVE-2023/CVE-2023-409xx/CVE-2023-40998.json +++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40998.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40998", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-28T22:15:10.167", - "lastModified": "2023-08-31T00:26:26.523", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-14T08:15:40.460", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -72,6 +72,10 @@ "Issue Tracking", "Vendor Advisory" ] + }, + { + "url": "https://www.trendmicro.com/en_us/research/23/l/the-current-state-of-open-ran-security.html", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41627.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41627.json index f3f3659a010..fc0fe375f94 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41627.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41627.json @@ -2,12 +2,16 @@ "id": "CVE-2023-41627", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T17:15:07.633", - "lastModified": "2023-09-07T18:51:52.623", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-14T08:15:40.697", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "O-RAN Software Community ric-plt-lib-rmr v4.9.0 does not validate the source of the routing tables it receives, potentially allowing attackers to send forged routing tables to the device." + }, + { + "lang": "es", + "value": "O-RAN Software Community ric-plt-lib-rmr v4.9.0 no valida la fuente de las tablas de enrutamiento que recibe, permitiendo potencialmente a los atacantes enviar tablas de enrutamiento falsificadas al dispositivo." } ], "metrics": { @@ -70,6 +74,10 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://www.trendmicro.com/en_us/research/23/l/the-current-state-of-open-ran-security.html", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46380.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46380.json index 59f99d8cc01..ca727c0a3d9 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46380.json +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46380.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46380", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-04T23:15:07.910", - "lastModified": "2023-11-16T15:59:48.403", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-14T08:15:41.037", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -148,6 +148,10 @@ "Mailing List", "Third Party Advisory" ] + }, + { + "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46381.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46381.json index 55f15702285..982479134d5 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46381.json +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46381.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46381", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-04T23:15:07.957", - "lastModified": "2023-11-16T16:13:18.360", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-14T08:15:41.450", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -148,6 +148,10 @@ "Mailing List", "Third Party Advisory" ] + }, + { + "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46382.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46382.json index 244d405390e..a42a77527d0 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46382.json +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46382.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46382", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-04T23:15:08.003", - "lastModified": "2023-11-16T16:15:45.477", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-14T08:15:41.690", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -148,6 +148,10 @@ "Mailing List", "Third Party Advisory" ] + }, + { + "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46383.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46383.json index 9ae6636aa7c..b58435df5eb 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46383.json +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46383.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46383", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-30T23:15:07.377", - "lastModified": "2023-12-06T18:47:36.633", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-14T08:15:41.873", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -83,6 +83,10 @@ "Mailing List", "Third Party Advisory" ] + }, + { + "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46384.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46384.json index f12915cd6d0..c1bba7f6762 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46384.json +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46384.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46384", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-30T23:15:07.423", - "lastModified": "2023-12-06T18:47:18.367", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-14T08:15:42.140", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -83,6 +83,10 @@ "Mailing List", "Third Party Advisory" ] + }, + { + "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46385.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46385.json index 3ae7b3de7c8..5785112fc30 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46385.json +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46385.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46385", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-30T23:15:07.473", - "lastModified": "2023-12-06T18:43:03.487", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-14T08:15:42.350", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -83,6 +83,10 @@ "Mailing List", "Third Party Advisory" ] + }, + { + "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46386.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46386.json index 6c2ba92fc09..cac3cabd2eb 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46386.json +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46386.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46386", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-30T23:15:07.520", - "lastModified": "2023-12-06T18:42:31.140", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-14T08:15:42.550", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -122,6 +122,10 @@ "Mailing List", "Third Party Advisory" ] + }, + { + "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46387.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46387.json index 5787f94acd3..5db0830ca99 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46387.json +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46387.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46387", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-30T23:15:07.567", - "lastModified": "2023-12-06T18:42:12.257", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-14T08:15:42.770", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -122,6 +122,10 @@ "Mailing List", "Third Party Advisory" ] + }, + { + "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46388.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46388.json index 1d9aa073653..e68874052d2 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46388.json +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46388.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46388", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-30T23:15:07.613", - "lastModified": "2023-12-06T18:41:39.457", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-14T08:15:42.987", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -122,6 +122,10 @@ "Mailing List", "Third Party Advisory" ] + }, + { + "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46389.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46389.json index af2b0292bf1..b0c3967d530 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46389.json +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46389.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46389", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-30T23:15:07.660", - "lastModified": "2023-12-06T18:39:54.260", - "vulnStatus": "Analyzed", + "lastModified": "2023-12-14T08:15:43.187", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -122,6 +122,10 @@ "Mailing List", "Third Party Advisory" ] + }, + { + "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-480xx/CVE-2023-48084.json b/CVE-2023/CVE-2023-480xx/CVE-2023-48084.json new file mode 100644 index 00000000000..95a9049bf26 --- /dev/null +++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48084.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-48084", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-14T07:15:08.890", + "lastModified": "2023-12-14T07:15:08.890", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.nagios.com/products/security/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-480xx/CVE-2023-48085.json b/CVE-2023/CVE-2023-480xx/CVE-2023-48085.json new file mode 100644 index 00000000000..3a2e9d4c6a0 --- /dev/null +++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48085.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-48085", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-12-14T07:15:09.033", + "lastModified": "2023-12-14T07:15:09.033", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.nagios.com/products/security/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 8f852cb1cb0..8ea856cd714 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-14T07:00:17.512371+00:00 +2023-12-14T09:00:18.487937+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-14T06:15:42.743000+00:00 +2023-12-14T08:15:43.187000+00:00 ``` ### Last Data Feed Release @@ -29,31 +29,42 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -233096 +233105 ``` ### CVEs added in the last Commit -Recently added CVEs: `10` +Recently added CVEs: `9` -* [CVE-2023-49933](CVE-2023/CVE-2023-499xx/CVE-2023-49933.json) (`2023-12-14T05:15:08.810`) -* [CVE-2023-49934](CVE-2023/CVE-2023-499xx/CVE-2023-49934.json) (`2023-12-14T05:15:10.023`) -* [CVE-2023-49935](CVE-2023/CVE-2023-499xx/CVE-2023-49935.json) (`2023-12-14T05:15:10.490`) -* [CVE-2023-49936](CVE-2023/CVE-2023-499xx/CVE-2023-49936.json) (`2023-12-14T05:15:10.980`) -* [CVE-2023-49937](CVE-2023/CVE-2023-499xx/CVE-2023-49937.json) (`2023-12-14T05:15:11.493`) -* [CVE-2023-49938](CVE-2023/CVE-2023-499xx/CVE-2023-49938.json) (`2023-12-14T05:15:11.890`) -* [CVE-2023-5629](CVE-2023/CVE-2023-56xx/CVE-2023-5629.json) (`2023-12-14T05:15:12.463`) -* [CVE-2023-5630](CVE-2023/CVE-2023-56xx/CVE-2023-5630.json) (`2023-12-14T05:15:13.663`) -* [CVE-2023-6407](CVE-2023/CVE-2023-64xx/CVE-2023-6407.json) (`2023-12-14T05:15:14.407`) -* [CVE-2023-44709](CVE-2023/CVE-2023-447xx/CVE-2023-44709.json) (`2023-12-14T06:15:42.743`) +* [CVE-2023-25648](CVE-2023/CVE-2023-256xx/CVE-2023-25648.json) (`2023-12-14T07:15:07.180`) +* [CVE-2023-25650](CVE-2023/CVE-2023-256xx/CVE-2023-25650.json) (`2023-12-14T07:15:07.783`) +* [CVE-2023-25651](CVE-2023/CVE-2023-256xx/CVE-2023-25651.json) (`2023-12-14T07:15:08.270`) +* [CVE-2023-48084](CVE-2023/CVE-2023-480xx/CVE-2023-48084.json) (`2023-12-14T07:15:08.890`) +* [CVE-2023-48085](CVE-2023/CVE-2023-480xx/CVE-2023-48085.json) (`2023-12-14T07:15:09.033`) +* [CVE-2023-1904](CVE-2023/CVE-2023-19xx/CVE-2023-1904.json) (`2023-12-14T08:15:36.550`) +* [CVE-2023-25642](CVE-2023/CVE-2023-256xx/CVE-2023-25642.json) (`2023-12-14T08:15:37.717`) +* [CVE-2023-25643](CVE-2023/CVE-2023-256xx/CVE-2023-25643.json) (`2023-12-14T08:15:38.357`) +* [CVE-2023-25644](CVE-2023/CVE-2023-256xx/CVE-2023-25644.json) (`2023-12-14T08:15:38.997`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `14` -* [CVE-2023-47100](CVE-2023/CVE-2023-471xx/CVE-2023-47100.json) (`2023-12-14T05:15:07.690`) -* [CVE-2023-5984](CVE-2023/CVE-2023-59xx/CVE-2023-5984.json) (`2023-12-14T05:15:14.000`) +* [CVE-2023-2247](CVE-2023/CVE-2023-22xx/CVE-2023-2247.json) (`2023-12-14T07:15:08.650`) +* [CVE-2023-40997](CVE-2023/CVE-2023-409xx/CVE-2023-40997.json) (`2023-12-14T08:15:39.727`) +* [CVE-2023-40998](CVE-2023/CVE-2023-409xx/CVE-2023-40998.json) (`2023-12-14T08:15:40.460`) +* [CVE-2023-41627](CVE-2023/CVE-2023-416xx/CVE-2023-41627.json) (`2023-12-14T08:15:40.697`) +* [CVE-2023-46380](CVE-2023/CVE-2023-463xx/CVE-2023-46380.json) (`2023-12-14T08:15:41.037`) +* [CVE-2023-46381](CVE-2023/CVE-2023-463xx/CVE-2023-46381.json) (`2023-12-14T08:15:41.450`) +* [CVE-2023-46382](CVE-2023/CVE-2023-463xx/CVE-2023-46382.json) (`2023-12-14T08:15:41.690`) +* [CVE-2023-46383](CVE-2023/CVE-2023-463xx/CVE-2023-46383.json) (`2023-12-14T08:15:41.873`) +* [CVE-2023-46384](CVE-2023/CVE-2023-463xx/CVE-2023-46384.json) (`2023-12-14T08:15:42.140`) +* [CVE-2023-46385](CVE-2023/CVE-2023-463xx/CVE-2023-46385.json) (`2023-12-14T08:15:42.350`) +* [CVE-2023-46386](CVE-2023/CVE-2023-463xx/CVE-2023-46386.json) (`2023-12-14T08:15:42.550`) +* [CVE-2023-46387](CVE-2023/CVE-2023-463xx/CVE-2023-46387.json) (`2023-12-14T08:15:42.770`) +* [CVE-2023-46388](CVE-2023/CVE-2023-463xx/CVE-2023-46388.json) (`2023-12-14T08:15:42.987`) +* [CVE-2023-46389](CVE-2023/CVE-2023-463xx/CVE-2023-46389.json) (`2023-12-14T08:15:43.187`) ## Download and Usage