diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47145.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47145.json
new file mode 100644
index 00000000000..2085c62a77c
--- /dev/null
+++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47145.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2023-47145",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2024-01-07T19:15:08.017",
+ "lastModified": "2024-01-07T19:15:08.017",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/270402",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7105500",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-72xx/CVE-2023-7213.json b/CVE-2023/CVE-2023-72xx/CVE-2023-7213.json
new file mode 100644
index 00000000000..231ff9f764a
--- /dev/null
+++ b/CVE-2023/CVE-2023-72xx/CVE-2023-7213.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-7213",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2024-01-07T19:15:08.230",
+ "lastModified": "2024-01-07T19:15:08.230",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this vulnerability is the function main of the file /cgi-bin/cstecgi.cgi?action=login&flag=1 of the component HTTP POST Request Handler. The manipulation of the argument v33 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249769 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 6.5
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N350RT/2/README.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.249769",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.249769",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-72xx/CVE-2023-7214.json b/CVE-2023/CVE-2023-72xx/CVE-2023-7214.json
new file mode 100644
index 00000000000..6f4502aef93
--- /dev/null
+++ b/CVE-2023/CVE-2023-72xx/CVE-2023-7214.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2023-7214",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2024-01-07T20:15:47.560",
+ "lastModified": "2024-01-07T20:15:47.560",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability, which was classified as critical, has been found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v8 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249770 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 6.5
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N350RT/3/README.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.249770",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.249770",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 4a094724126..2684f35eeb0 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2024-01-07T19:00:24.225816+00:00
+2024-01-07T21:00:24.818320+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2024-01-07T18:15:16.383000+00:00
+2024-01-07T20:15:47.560000+00:00
 ```
 ### Last Data Feed Release
@@ -29,16 +29,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-234999
+235002
 ```
 ### CVEs added in the last Commit
 Recently added CVEs: `3`
-* [CVE-2023-7212](CVE-2023/CVE-2023-72xx/CVE-2023-7212.json) (`2024-01-07T17:15:08.180`)
-* [CVE-2024-0284](CVE-2024/CVE-2024-02xx/CVE-2024-0284.json) (`2024-01-07T17:15:08.427`)
-* [CVE-2024-0286](CVE-2024/CVE-2024-02xx/CVE-2024-0286.json) (`2024-01-07T18:15:16.383`)
+* [CVE-2023-47145](CVE-2023/CVE-2023-471xx/CVE-2023-47145.json) (`2024-01-07T19:15:08.017`)
+* [CVE-2023-7213](CVE-2023/CVE-2023-72xx/CVE-2023-7213.json) (`2024-01-07T19:15:08.230`)
+* [CVE-2023-7214](CVE-2023/CVE-2023-72xx/CVE-2023-7214.json) (`2024-01-07T20:15:47.560`)
 ### CVEs modified in the last Commit