From 4e35d25c4282407e68bfec66a89cc17cc7dceb24 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Tue, 3 Oct 2023 10:00:28 +0000
Subject: [PATCH] Auto-Update: 2023-10-03T10:00:25.158484+00:00
---
CVE-2023/CVE-2023-36xx/CVE-2023-3654.json | 55 ++++++++++++++++++
CVE-2023/CVE-2023-36xx/CVE-2023-3655.json | 55 ++++++++++++++++++
CVE-2023/CVE-2023-36xx/CVE-2023-3656.json | 59 ++++++++++++++++++++
CVE-2023/CVE-2023-442xx/CVE-2023-44217.json | 32 +++++++++++
CVE-2023/CVE-2023-442xx/CVE-2023-44218.json | 55 ++++++++++++++++++
README.md | 62 ++++-----------------
6 files changed, 266 insertions(+), 52 deletions(-)
create mode 100644 CVE-2023/CVE-2023-36xx/CVE-2023-3654.json
create mode 100644 CVE-2023/CVE-2023-36xx/CVE-2023-3655.json
create mode 100644 CVE-2023/CVE-2023-36xx/CVE-2023-3656.json
create mode 100644 CVE-2023/CVE-2023-442xx/CVE-2023-44217.json
create mode 100644 CVE-2023/CVE-2023-442xx/CVE-2023-44218.json
diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3654.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3654.json
new file mode 100644
index 00000000000..6ce93828d1f
--- /dev/null
+++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3654.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-3654",
+ "sourceIdentifier": "office@cyberdanube.com",
+ "published": "2023-10-03T09:15:10.247",
+ "lastModified": "2023-10-03T09:15:10.247",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "cashIT! - serving solutions. Devices from \"PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH\" to 03.A06rks 2023.02.37 are affected by a origin bypass via the host header in an HTTP request.\u00a0This vulnerability can be triggered by an HTTP endpoint exposed to the network.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "office@cyberdanube.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "LOW",
+ "baseScore": 9.4,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "office@cyberdanube.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-346"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cashit.at/",
+ "source": "office@cyberdanube.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3655.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3655.json
new file mode 100644
index 00000000000..2065170cd2b
--- /dev/null
+++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3655.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-3655",
+ "sourceIdentifier": "office@cyberdanube.com",
+ "published": "2023-10-03T08:15:35.680",
+ "lastModified": "2023-10-03T08:15:35.680",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "cashIT! - serving solutions. Devices from \"PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH\" to 03.A06rks 2023.02.37 are affected by a dangerous methods, that allows to leak the database (system settings, user accounts,...).\u00a0This vulnerability can be triggered by an HTTP endpoint exposed to the network.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "office@cyberdanube.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "office@cyberdanube.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-749"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cashit.at/",
+ "source": "office@cyberdanube.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-36xx/CVE-2023-3656.json b/CVE-2023/CVE-2023-36xx/CVE-2023-3656.json
new file mode 100644
index 00000000000..29a7b87fee1
--- /dev/null
+++ b/CVE-2023/CVE-2023-36xx/CVE-2023-3656.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-3656",
+ "sourceIdentifier": "office@cyberdanube.com",
+ "published": "2023-10-03T08:15:35.930",
+ "lastModified": "2023-10-03T08:15:35.930",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "cashIT! - serving solutions. Devices from \"PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH\" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to the network."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "office@cyberdanube.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "office@cyberdanube.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-749"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.cashit.at/",
+ "source": "office@cyberdanube.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44217.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44217.json
new file mode 100644
index 00000000000..b99ce986199
--- /dev/null
+++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44217.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-44217",
+ "sourceIdentifier": "PSIRT@sonicwall.com",
+ "published": "2023-10-03T08:15:36.000",
+ "lastModified": "2023-10-03T08:15:36.000",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nA local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality.\n\n"
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "PSIRT@sonicwall.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0013",
+ "source": "PSIRT@sonicwall.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44218.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44218.json
new file mode 100644
index 00000000000..95f69373f8c
--- /dev/null
+++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44218.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-44218",
+ "sourceIdentifier": "PSIRT@sonicwall.com",
+ "published": "2023-10-03T08:15:36.067",
+ "lastModified": "2023-10-03T08:15:36.067",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nA flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "PSIRT@sonicwall.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "PSIRT@sonicwall.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-267"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0014",
+ "source": "PSIRT@sonicwall.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 2eb599b7187..4fef852fe0d 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-10-03T08:00:25.266976+00:00 +2023-10-03T10:00:25.158484+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-10-03T06:15:48.337000+00:00 +2023-10-03T09:15:10.247000+00:00 ``` ### Last Data Feed Release
@@ -29,66 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -226817 +226822 ``` ### CVEs added in the last Commit -Recently added CVEs: `22` +Recently added CVEs: `5` -* [CVE-2023-21673](CVE-2023/CVE-2023-216xx/CVE-2023-21673.json) (`2023-10-03T06:15:16.413`) -* [CVE-2023-22382](CVE-2023/CVE-2023-223xx/CVE-2023-22382.json) (`2023-10-03T06:15:18.617`) -* [CVE-2023-22384](CVE-2023/CVE-2023-223xx/CVE-2023-22384.json) (`2023-10-03T06:15:19.860`) -* [CVE-2023-22385](CVE-2023/CVE-2023-223xx/CVE-2023-22385.json) (`2023-10-03T06:15:21.053`) -* [CVE-2023-24843](CVE-2023/CVE-2023-248xx/CVE-2023-24843.json) (`2023-10-03T06:15:22.160`) -* [CVE-2023-24844](CVE-2023/CVE-2023-248xx/CVE-2023-24844.json) (`2023-10-03T06:15:22.293`) -* [CVE-2023-24847](CVE-2023/CVE-2023-248xx/CVE-2023-24847.json) (`2023-10-03T06:15:22.620`) -* [CVE-2023-24848](CVE-2023/CVE-2023-248xx/CVE-2023-24848.json) (`2023-10-03T06:15:22.953`) -* [CVE-2023-24849](CVE-2023/CVE-2023-248xx/CVE-2023-24849.json) (`2023-10-03T06:15:23.050`) -* [CVE-2023-24850](CVE-2023/CVE-2023-248xx/CVE-2023-24850.json) (`2023-10-03T06:15:23.360`) -* [CVE-2023-24853](CVE-2023/CVE-2023-248xx/CVE-2023-24853.json) (`2023-10-03T06:15:23.710`) -* [CVE-2023-24855](CVE-2023/CVE-2023-248xx/CVE-2023-24855.json) (`2023-10-03T06:15:23.950`) -* [CVE-2023-28539](CVE-2023/CVE-2023-285xx/CVE-2023-28539.json) (`2023-10-03T06:15:24.117`) -* [CVE-2023-28540](CVE-2023/CVE-2023-285xx/CVE-2023-28540.json) (`2023-10-03T06:15:24.370`) -* [CVE-2023-28571](CVE-2023/CVE-2023-285xx/CVE-2023-28571.json) (`2023-10-03T06:15:24.657`) -* [CVE-2023-33026](CVE-2023/CVE-2023-330xx/CVE-2023-33026.json) (`2023-10-03T06:15:26.620`) -* [CVE-2023-33027](CVE-2023/CVE-2023-330xx/CVE-2023-33027.json) (`2023-10-03T06:15:26.850`) -* [CVE-2023-33028](CVE-2023/CVE-2023-330xx/CVE-2023-33028.json) (`2023-10-03T06:15:27.103`) -* [CVE-2023-33029](CVE-2023/CVE-2023-330xx/CVE-2023-33029.json) 
(`2023-10-03T06:15:27.360`) -* [CVE-2023-33034](CVE-2023/CVE-2023-330xx/CVE-2023-33034.json) (`2023-10-03T06:15:27.607`) -* [CVE-2023-33035](CVE-2023/CVE-2023-330xx/CVE-2023-33035.json) (`2023-10-03T06:15:27.787`) -* [CVE-2023-33039](CVE-2023/CVE-2023-330xx/CVE-2023-33039.json) (`2023-10-03T06:15:27.877`) +* [CVE-2023-3655](CVE-2023/CVE-2023-36xx/CVE-2023-3655.json) (`2023-10-03T08:15:35.680`) +* [CVE-2023-3656](CVE-2023/CVE-2023-36xx/CVE-2023-3656.json) (`2023-10-03T08:15:35.930`) +* [CVE-2023-44217](CVE-2023/CVE-2023-442xx/CVE-2023-44217.json) (`2023-10-03T08:15:36.000`) +* [CVE-2023-44218](CVE-2023/CVE-2023-442xx/CVE-2023-44218.json) (`2023-10-03T08:15:36.067`) +* [CVE-2023-3654](CVE-2023/CVE-2023-36xx/CVE-2023-3654.json) (`2023-10-03T09:15:10.247`) ### CVEs modified in the last Commit -Recently modified CVEs: `78` +Recently modified CVEs: `0` -* [CVE-2023-40541](CVE-2023/CVE-2023-405xx/CVE-2023-40541.json) (`2023-10-03T06:15:41.200`) -* [CVE-2023-41063](CVE-2023/CVE-2023-410xx/CVE-2023-41063.json) (`2023-10-03T06:15:41.463`) -* [CVE-2023-41065](CVE-2023/CVE-2023-410xx/CVE-2023-41065.json) (`2023-10-03T06:15:41.593`) -* [CVE-2023-41066](CVE-2023/CVE-2023-410xx/CVE-2023-41066.json) (`2023-10-03T06:15:41.870`) -* [CVE-2023-41067](CVE-2023/CVE-2023-410xx/CVE-2023-41067.json) (`2023-10-03T06:15:42.317`) -* [CVE-2023-41068](CVE-2023/CVE-2023-410xx/CVE-2023-41068.json) (`2023-10-03T06:15:43.013`) -* [CVE-2023-41070](CVE-2023/CVE-2023-410xx/CVE-2023-41070.json) (`2023-10-03T06:15:43.233`) -* [CVE-2023-41071](CVE-2023/CVE-2023-410xx/CVE-2023-41071.json) (`2023-10-03T06:15:43.443`) -* [CVE-2023-41073](CVE-2023/CVE-2023-410xx/CVE-2023-41073.json) (`2023-10-03T06:15:43.807`) -* [CVE-2023-41074](CVE-2023/CVE-2023-410xx/CVE-2023-41074.json) (`2023-10-03T06:15:44.263`) -* [CVE-2023-41078](CVE-2023/CVE-2023-410xx/CVE-2023-41078.json) (`2023-10-03T06:15:44.393`) -* [CVE-2023-41079](CVE-2023/CVE-2023-410xx/CVE-2023-41079.json) (`2023-10-03T06:15:44.543`) -* 
[CVE-2023-41174](CVE-2023/CVE-2023-411xx/CVE-2023-41174.json) (`2023-10-03T06:15:44.887`) -* [CVE-2023-41232](CVE-2023/CVE-2023-412xx/CVE-2023-41232.json) (`2023-10-03T06:15:45.157`) -* [CVE-2023-41968](CVE-2023/CVE-2023-419xx/CVE-2023-41968.json) (`2023-10-03T06:15:45.570`) -* [CVE-2023-41979](CVE-2023/CVE-2023-419xx/CVE-2023-41979.json) (`2023-10-03T06:15:46.010`) -* [CVE-2023-41980](CVE-2023/CVE-2023-419xx/CVE-2023-41980.json) (`2023-10-03T06:15:46.110`) -* [CVE-2023-41981](CVE-2023/CVE-2023-419xx/CVE-2023-41981.json) (`2023-10-03T06:15:46.307`) -* [CVE-2023-41984](CVE-2023/CVE-2023-419xx/CVE-2023-41984.json) (`2023-10-03T06:15:46.577`) -* [CVE-2023-41986](CVE-2023/CVE-2023-419xx/CVE-2023-41986.json) (`2023-10-03T06:15:46.933`) -* [CVE-2023-41991](CVE-2023/CVE-2023-419xx/CVE-2023-41991.json) (`2023-10-03T06:15:47.193`) -* [CVE-2023-41992](CVE-2023/CVE-2023-419xx/CVE-2023-41992.json) (`2023-10-03T06:15:47.630`) -* [CVE-2023-41993](CVE-2023/CVE-2023-419xx/CVE-2023-41993.json) (`2023-10-03T06:15:47.883`) -* [CVE-2023-41995](CVE-2023/CVE-2023-419xx/CVE-2023-41995.json) (`2023-10-03T06:15:48.117`) -* [CVE-2023-41996](CVE-2023/CVE-2023-419xx/CVE-2023-41996.json) (`2023-10-03T06:15:48.337`) ## Download and Usage