From 4327577e43509de62ab81f879e6c520cde9c056d Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 7 Sep 2023 08:00:30 +0000 Subject: [PATCH] Auto-Update: 2023-09-07T08:00:26.687243+00:00 --- CVE-2022/CVE-2022-475xx/CVE-2022-47522.json | 9 ++-- CVE-2023/CVE-2023-305xx/CVE-2023-30533.json | 10 ++-- CVE-2023/CVE-2023-380xx/CVE-2023-38032.json | 55 +++++++++++++++++++ CVE-2023/CVE-2023-380xx/CVE-2023-38033.json | 55 +++++++++++++++++++ CVE-2023/CVE-2023-392xx/CVE-2023-39236.json | 55 +++++++++++++++++++ CVE-2023/CVE-2023-392xx/CVE-2023-39237.json | 55 +++++++++++++++++++ CVE-2023/CVE-2023-399xx/CVE-2023-39910.json | 8 ++- CVE-2023/CVE-2023-403xx/CVE-2023-40359.json | 6 +-- CVE-2023/CVE-2023-48xx/CVE-2023-4815.json | 59 +++++++++++++++++++++ README.md | 22 +++++--- 10 files changed, 315 insertions(+), 19 deletions(-) create mode 100644 CVE-2023/CVE-2023-380xx/CVE-2023-38032.json create mode 100644 CVE-2023/CVE-2023-380xx/CVE-2023-38033.json create mode 100644 CVE-2023/CVE-2023-392xx/CVE-2023-39236.json create mode 100644 CVE-2023/CVE-2023-392xx/CVE-2023-39237.json create mode 100644 CVE-2023/CVE-2023-48xx/CVE-2023-4815.json diff --git a/CVE-2022/CVE-2022-475xx/CVE-2022-47522.json b/CVE-2022/CVE-2022-475xx/CVE-2022-47522.json index 8ba8db401a0..eb39437368f 100644 --- a/CVE-2022/CVE-2022-475xx/CVE-2022-47522.json +++ b/CVE-2022/CVE-2022-475xx/CVE-2022-47522.json @@ -2,8 +2,8 @@ "id": "CVE-2022-47522", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-15T02:15:07.290", - "lastModified": "2023-04-28T14:27:12.360", - "vulnStatus": "Analyzed", + "lastModified": "2023-09-07T06:15:07.573", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -48,7 +48,6 @@ ], "configurations": [ { - "operator": "AND", "nodes": [ { "operator": "OR", @@ -864,6 +863,10 @@ "Third Party Advisory" ] }, + { + "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:11.wifi.asc", + "source": "cve@mitre.org" + }, { "url": "https://www.wi-fi.org/discover-wi-fi/passpoint", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-305xx/CVE-2023-30533.json b/CVE-2023/CVE-2023-305xx/CVE-2023-30533.json index a6ec595f5ea..a0a5195a11d 100644 --- a/CVE-2023/CVE-2023-305xx/CVE-2023-30533.json +++ b/CVE-2023/CVE-2023-305xx/CVE-2023-30533.json @@ -2,12 +2,12 @@ "id": "CVE-2023-30533", "sourceIdentifier": "cve@mitre.org", "published": "2023-04-24T08:15:07.217", - "lastModified": "2023-05-02T18:40:51.750", - "vulnStatus": "Analyzed", + "lastModified": "2023-09-07T07:15:07.883", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file." + "value": "SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file. In other words. 0.19.2 and earlier are affected, whereas 0.19.3 and later are unaffected." } ], "metrics": { @@ -72,6 +72,10 @@ "Vendor Advisory" ] }, + { + "url": "https://git.sheetjs.com/sheetjs/sheetjs/issues/2986", + "source": "cve@mitre.org" + }, { "url": "https://git.sheetjs.com/sheetjs/sheetjs/src/branch/master/CHANGELOG.md", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38032.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38032.json new file mode 100644 index 00000000000..ef3d529e691 --- /dev/null +++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38032.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-38032", + "sourceIdentifier": "twcert@cert.org.tw", + "published": "2023-09-07T07:15:08.107", + "lastModified": "2023-09-07T07:15:08.107", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nASUS RT-AC86U AiProtection security- related function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.\n\n\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://www.twcert.org.tw/tw/cp-132-7349-7f8cd-1.html", + "source": "twcert@cert.org.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-380xx/CVE-2023-38033.json b/CVE-2023/CVE-2023-380xx/CVE-2023-38033.json new file mode 100644 index 00000000000..878eef43b40 --- /dev/null +++ b/CVE-2023/CVE-2023-380xx/CVE-2023-38033.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-38033", + "sourceIdentifier": "twcert@cert.org.tw", + "published": "2023-09-07T07:15:08.297", + "lastModified": "2023-09-07T07:15:08.297", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://www.twcert.org.tw/tw/cp-132-7350-ded5e-1.html", + "source": "twcert@cert.org.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39236.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39236.json new file mode 100644 index 00000000000..10f3c679256 --- /dev/null +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39236.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-39236", + "sourceIdentifier": "twcert@cert.org.tw", + "published": "2023-09-07T07:15:08.440", + "lastModified": "2023-09-07T07:15:08.440", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://www.twcert.org.tw/tw/cp-132-7351-ec8fe-1.html", + "source": "twcert@cert.org.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39237.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39237.json new file mode 100644 index 00000000000..15fe942d588 --- /dev/null +++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39237.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-39237", + "sourceIdentifier": "twcert@cert.org.tw", + "published": "2023-09-07T07:15:08.537", + "lastModified": "2023-09-07T07:15:08.537", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nASUS RT-AC86U Traffic Analyzer - Apps analysis function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://www.twcert.org.tw/tw/cp-132-7352-bad68-1.html", + "source": "twcert@cert.org.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-399xx/CVE-2023-39910.json b/CVE-2023/CVE-2023-399xx/CVE-2023-39910.json index 1ae5afdd7f3..ba781451c31 100644 --- a/CVE-2023/CVE-2023-399xx/CVE-2023-39910.json +++ b/CVE-2023/CVE-2023-399xx/CVE-2023-39910.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39910", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-09T03:15:44.867", - "lastModified": "2023-08-22T22:15:11.383", - "vulnStatus": "Analyzed", + "lastModified": "2023-09-07T07:15:08.640", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -80,6 +80,10 @@ "Third Party Advisory" ] }, + { + "url": "https://github.com/libbitcoin/libbitcoin-explorer/wiki/CVE-2023-39910", + "source": "cve@mitre.org" + }, { "url": "https://github.com/libbitcoin/libbitcoin-system/blob/a1b777fc51d9c04e0c7a1dec5cc746b82a6afe64/src/crypto/pseudo_random.cpp#L66C12-L78", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40359.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40359.json index 90dc2a7f91a..48f56564a25 100644 --- a/CVE-2023/CVE-2023-403xx/CVE-2023-40359.json +++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40359.json @@ -2,12 +2,12 @@ "id": "CVE-2023-40359", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-14T17:15:10.617", - "lastModified": "2023-08-22T18:53:55.847", - "vulnStatus": "Analyzed", + "lastModified": "2023-09-07T06:15:07.990", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue." + "value": "xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4815.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4815.json new file mode 100644 index 00000000000..39846e2c3d8 --- /dev/null +++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4815.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-4815", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-09-07T07:15:08.747", + "lastModified": "2023-09-07T07:15:08.747", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 8.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/answerdev/answer/commit/e75142a55546e01d8904f59db228422561f51666", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.dev/bounties/4cd3eeb4-57c9-4af2-ad19-2166c9e0fd2c", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index e397f79b5a4..d7b8bba9e37 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-07T06:00:24.742083+00:00 +2023-09-07T08:00:26.687243+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-07T04:15:10.407000+00:00 +2023-09-07T07:15:08.747000+00:00 ``` ### Last Data Feed Release @@ -29,22 +29,28 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -224425 +224430 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `5` -* [CVE-2023-38031](CVE-2023/CVE-2023-380xx/CVE-2023-38031.json) (`2023-09-07T04:15:10.273`) +* [CVE-2023-38032](CVE-2023/CVE-2023-380xx/CVE-2023-38032.json) (`2023-09-07T07:15:08.107`) +* [CVE-2023-38033](CVE-2023/CVE-2023-380xx/CVE-2023-38033.json) (`2023-09-07T07:15:08.297`) +* [CVE-2023-39236](CVE-2023/CVE-2023-392xx/CVE-2023-39236.json) (`2023-09-07T07:15:08.440`) +* [CVE-2023-39237](CVE-2023/CVE-2023-392xx/CVE-2023-39237.json) (`2023-09-07T07:15:08.537`) +* [CVE-2023-4815](CVE-2023/CVE-2023-48xx/CVE-2023-4815.json) (`2023-09-07T07:15:08.747`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `4` -* [CVE-2022-41717](CVE-2022/CVE-2022-417xx/CVE-2022-41717.json) (`2023-09-07T04:15:09.720`) -* [CVE-2023-40305](CVE-2023/CVE-2023-403xx/CVE-2023-40305.json) (`2023-09-07T04:15:10.407`) +* [CVE-2022-47522](CVE-2022/CVE-2022-475xx/CVE-2022-47522.json) (`2023-09-07T06:15:07.573`) +* [CVE-2023-40359](CVE-2023/CVE-2023-403xx/CVE-2023-40359.json) (`2023-09-07T06:15:07.990`) +* [CVE-2023-30533](CVE-2023/CVE-2023-305xx/CVE-2023-30533.json) (`2023-09-07T07:15:07.883`) +* [CVE-2023-39910](CVE-2023/CVE-2023-399xx/CVE-2023-39910.json) (`2023-09-07T07:15:08.640`) ## Download and Usage