Auto-Update: 2023-10-03T10:00:25.158484+00:00

CVE-2023/CVE-2023-36xx/CVE-2023-3654.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-3654",
+  "sourceIdentifier": "office@cyberdanube.com",
+  "published": "2023-10-03T09:15:10.247",
+  "lastModified": "2023-10-03T09:15:10.247",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "cashIT! - serving solutions. Devices from \"PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH\" to 03.A06rks 2023.02.37 are affected by a origin bypass via the host header in an HTTP request.\u00a0This vulnerability can be triggered by an HTTP endpoint exposed to the network.\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "office@cyberdanube.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "LOW",
+          "baseScore": 9.4,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "office@cyberdanube.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-346"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.cashit.at/",
+      "source": "office@cyberdanube.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-36xx/CVE-2023-3655.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-3655",
+  "sourceIdentifier": "office@cyberdanube.com",
+  "published": "2023-10-03T08:15:35.680",
+  "lastModified": "2023-10-03T08:15:35.680",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "cashIT! - serving solutions. Devices from \"PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH\" to 03.A06rks 2023.02.37 are affected by a dangerous methods, that allows to leak the database (system settings, user accounts,...).\u00a0This vulnerability can be triggered by an HTTP endpoint exposed to the network.\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "office@cyberdanube.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "office@cyberdanube.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-749"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.cashit.at/",
+      "source": "office@cyberdanube.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-36xx/CVE-2023-3656.json

@@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-3656",
+  "sourceIdentifier": "office@cyberdanube.com",
+  "published": "2023-10-03T08:15:35.930",
+  "lastModified": "2023-10-03T08:15:35.930",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "cashIT! - serving solutions. Devices from \"PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH\" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to the network."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "office@cyberdanube.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "office@cyberdanube.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-749"
+        },
+        {
+          "lang": "en",
+          "value": "CWE-94"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.cashit.at/",
+      "source": "office@cyberdanube.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-442xx/CVE-2023-44217.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-44217",
+  "sourceIdentifier": "PSIRT@sonicwall.com",
+  "published": "2023-10-03T08:15:36.000",
+  "lastModified": "2023-10-03T08:15:36.000",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\nA local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality.\n\n"
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "PSIRT@sonicwall.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-269"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0013",
+      "source": "PSIRT@sonicwall.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-442xx/CVE-2023-44218.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-44218",
+  "sourceIdentifier": "PSIRT@sonicwall.com",
+  "published": "2023-10-03T08:15:36.067",
+  "lastModified": "2023-10-03T08:15:36.067",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\nA flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "PSIRT@sonicwall.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "ADJACENT_NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "PSIRT@sonicwall.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-267"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0014",
+      "source": "PSIRT@sonicwall.com"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-10-03T08:00:25.266976+00:00
+2023-10-03T10:00:25.158484+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-10-03T06:15:48.337000+00:00
+2023-10-03T09:15:10.247000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,66 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-226817
+226822
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `22`
+Recently added CVEs: `5`
 
-* [CVE-2023-21673](CVE-2023/CVE-2023-216xx/CVE-2023-21673.json) (`2023-10-03T06:15:16.413`)
-* [CVE-2023-22382](CVE-2023/CVE-2023-223xx/CVE-2023-22382.json) (`2023-10-03T06:15:18.617`)
-* [CVE-2023-22384](CVE-2023/CVE-2023-223xx/CVE-2023-22384.json) (`2023-10-03T06:15:19.860`)
-* [CVE-2023-22385](CVE-2023/CVE-2023-223xx/CVE-2023-22385.json) (`2023-10-03T06:15:21.053`)
-* [CVE-2023-24843](CVE-2023/CVE-2023-248xx/CVE-2023-24843.json) (`2023-10-03T06:15:22.160`)
-* [CVE-2023-24844](CVE-2023/CVE-2023-248xx/CVE-2023-24844.json) (`2023-10-03T06:15:22.293`)
-* [CVE-2023-24847](CVE-2023/CVE-2023-248xx/CVE-2023-24847.json) (`2023-10-03T06:15:22.620`)
-* [CVE-2023-24848](CVE-2023/CVE-2023-248xx/CVE-2023-24848.json) (`2023-10-03T06:15:22.953`)
-* [CVE-2023-24849](CVE-2023/CVE-2023-248xx/CVE-2023-24849.json) (`2023-10-03T06:15:23.050`)
-* [CVE-2023-24850](CVE-2023/CVE-2023-248xx/CVE-2023-24850.json) (`2023-10-03T06:15:23.360`)
-* [CVE-2023-24853](CVE-2023/CVE-2023-248xx/CVE-2023-24853.json) (`2023-10-03T06:15:23.710`)
-* [CVE-2023-24855](CVE-2023/CVE-2023-248xx/CVE-2023-24855.json) (`2023-10-03T06:15:23.950`)
-* [CVE-2023-28539](CVE-2023/CVE-2023-285xx/CVE-2023-28539.json) (`2023-10-03T06:15:24.117`)
-* [CVE-2023-28540](CVE-2023/CVE-2023-285xx/CVE-2023-28540.json) (`2023-10-03T06:15:24.370`)
-* [CVE-2023-28571](CVE-2023/CVE-2023-285xx/CVE-2023-28571.json) (`2023-10-03T06:15:24.657`)
-* [CVE-2023-33026](CVE-2023/CVE-2023-330xx/CVE-2023-33026.json) (`2023-10-03T06:15:26.620`)
-* [CVE-2023-33027](CVE-2023/CVE-2023-330xx/CVE-2023-33027.json) (`2023-10-03T06:15:26.850`)
-* [CVE-2023-33028](CVE-2023/CVE-2023-330xx/CVE-2023-33028.json) (`2023-10-03T06:15:27.103`)
-* [CVE-2023-33029](CVE-2023/CVE-2023-330xx/CVE-2023-33029.json) (`2023-10-03T06:15:27.360`)
-* [CVE-2023-33034](CVE-2023/CVE-2023-330xx/CVE-2023-33034.json) (`2023-10-03T06:15:27.607`)
-* [CVE-2023-33035](CVE-2023/CVE-2023-330xx/CVE-2023-33035.json) (`2023-10-03T06:15:27.787`)
-* [CVE-2023-33039](CVE-2023/CVE-2023-330xx/CVE-2023-33039.json) (`2023-10-03T06:15:27.877`)
+* [CVE-2023-3655](CVE-2023/CVE-2023-36xx/CVE-2023-3655.json) (`2023-10-03T08:15:35.680`)
+* [CVE-2023-3656](CVE-2023/CVE-2023-36xx/CVE-2023-3656.json) (`2023-10-03T08:15:35.930`)
+* [CVE-2023-44217](CVE-2023/CVE-2023-442xx/CVE-2023-44217.json) (`2023-10-03T08:15:36.000`)
+* [CVE-2023-44218](CVE-2023/CVE-2023-442xx/CVE-2023-44218.json) (`2023-10-03T08:15:36.067`)
+* [CVE-2023-3654](CVE-2023/CVE-2023-36xx/CVE-2023-3654.json) (`2023-10-03T09:15:10.247`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `78`
+Recently modified CVEs: `0`
 
-* [CVE-2023-40541](CVE-2023/CVE-2023-405xx/CVE-2023-40541.json) (`2023-10-03T06:15:41.200`)
-* [CVE-2023-41063](CVE-2023/CVE-2023-410xx/CVE-2023-41063.json) (`2023-10-03T06:15:41.463`)
-* [CVE-2023-41065](CVE-2023/CVE-2023-410xx/CVE-2023-41065.json) (`2023-10-03T06:15:41.593`)
-* [CVE-2023-41066](CVE-2023/CVE-2023-410xx/CVE-2023-41066.json) (`2023-10-03T06:15:41.870`)
-* [CVE-2023-41067](CVE-2023/CVE-2023-410xx/CVE-2023-41067.json) (`2023-10-03T06:15:42.317`)
-* [CVE-2023-41068](CVE-2023/CVE-2023-410xx/CVE-2023-41068.json) (`2023-10-03T06:15:43.013`)
-* [CVE-2023-41070](CVE-2023/CVE-2023-410xx/CVE-2023-41070.json) (`2023-10-03T06:15:43.233`)
-* [CVE-2023-41071](CVE-2023/CVE-2023-410xx/CVE-2023-41071.json) (`2023-10-03T06:15:43.443`)
-* [CVE-2023-41073](CVE-2023/CVE-2023-410xx/CVE-2023-41073.json) (`2023-10-03T06:15:43.807`)
-* [CVE-2023-41074](CVE-2023/CVE-2023-410xx/CVE-2023-41074.json) (`2023-10-03T06:15:44.263`)
-* [CVE-2023-41078](CVE-2023/CVE-2023-410xx/CVE-2023-41078.json) (`2023-10-03T06:15:44.393`)
-* [CVE-2023-41079](CVE-2023/CVE-2023-410xx/CVE-2023-41079.json) (`2023-10-03T06:15:44.543`)
-* [CVE-2023-41174](CVE-2023/CVE-2023-411xx/CVE-2023-41174.json) (`2023-10-03T06:15:44.887`)
-* [CVE-2023-41232](CVE-2023/CVE-2023-412xx/CVE-2023-41232.json) (`2023-10-03T06:15:45.157`)
-* [CVE-2023-41968](CVE-2023/CVE-2023-419xx/CVE-2023-41968.json) (`2023-10-03T06:15:45.570`)
-* [CVE-2023-41979](CVE-2023/CVE-2023-419xx/CVE-2023-41979.json) (`2023-10-03T06:15:46.010`)
-* [CVE-2023-41980](CVE-2023/CVE-2023-419xx/CVE-2023-41980.json) (`2023-10-03T06:15:46.110`)
-* [CVE-2023-41981](CVE-2023/CVE-2023-419xx/CVE-2023-41981.json) (`2023-10-03T06:15:46.307`)
-* [CVE-2023-41984](CVE-2023/CVE-2023-419xx/CVE-2023-41984.json) (`2023-10-03T06:15:46.577`)
-* [CVE-2023-41986](CVE-2023/CVE-2023-419xx/CVE-2023-41986.json) (`2023-10-03T06:15:46.933`)
-* [CVE-2023-41991](CVE-2023/CVE-2023-419xx/CVE-2023-41991.json) (`2023-10-03T06:15:47.193`)
-* [CVE-2023-41992](CVE-2023/CVE-2023-419xx/CVE-2023-41992.json) (`2023-10-03T06:15:47.630`)
-* [CVE-2023-41993](CVE-2023/CVE-2023-419xx/CVE-2023-41993.json) (`2023-10-03T06:15:47.883`)
-* [CVE-2023-41995](CVE-2023/CVE-2023-419xx/CVE-2023-41995.json) (`2023-10-03T06:15:48.117`)
-* [CVE-2023-41996](CVE-2023/CVE-2023-419xx/CVE-2023-41996.json) (`2023-10-03T06:15:48.337`)
 
 
 ## Download and Usage