From 5028e079df20e03c574831b40175642a1a77c55c Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Wed, 13 Sep 2023 23:55:28 +0000
Subject: [PATCH] Auto-Update: 2023-09-13T23:55:25.093255+00:00
---
CVE-2023/CVE-2023-238xx/CVE-2023-23840.json | 59 +++++++++++++++++++++
CVE-2023/CVE-2023-238xx/CVE-2023-23845.json | 59 +++++++++++++++++++++
CVE-2023/CVE-2023-406xx/CVE-2023-40617.json | 20 +++++++
CVE-2023/CVE-2023-411xx/CVE-2023-41152.json | 24 +++++++++
CVE-2023/CVE-2023-411xx/CVE-2023-41154.json | 24 +++++++++
CVE-2023/CVE-2023-411xx/CVE-2023-41155.json | 24 +++++++++
CVE-2023/CVE-2023-411xx/CVE-2023-41158.json | 24 +++++++++
CVE-2023/CVE-2023-411xx/CVE-2023-41162.json | 24 +++++++++
README.md | 20 ++++---
9 files changed, 270 insertions(+), 8 deletions(-)
create mode 100644 CVE-2023/CVE-2023-238xx/CVE-2023-23840.json
create mode 100644 CVE-2023/CVE-2023-238xx/CVE-2023-23845.json
create mode 100644 CVE-2023/CVE-2023-406xx/CVE-2023-40617.json
create mode 100644 CVE-2023/CVE-2023-411xx/CVE-2023-41152.json
create mode 100644 CVE-2023/CVE-2023-411xx/CVE-2023-41154.json
create mode 100644 CVE-2023/CVE-2023-411xx/CVE-2023-41155.json
create mode 100644 CVE-2023/CVE-2023-411xx/CVE-2023-41158.json
create mode 100644 CVE-2023/CVE-2023-411xx/CVE-2023-41162.json
diff --git a/CVE-2023/CVE-2023-238xx/CVE-2023-23840.json b/CVE-2023/CVE-2023-238xx/CVE-2023-23840.json
new file mode 100644
index 00000000000..d236125687a
--- /dev/null
+++ b/CVE-2023/CVE-2023-238xx/CVE-2023-23840.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-23840",
+ "sourceIdentifier": "psirt@solarwinds.com",
+ "published": "2023-09-13T23:15:07.820",
+ "lastModified": "2023-09-13T23:15:07.820",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@solarwinds.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@solarwinds.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-749"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3-1_release_notes.htm",
+ "source": "psirt@solarwinds.com"
+ },
+ {
+ "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23840",
+ "source": "psirt@solarwinds.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-238xx/CVE-2023-23845.json b/CVE-2023/CVE-2023-238xx/CVE-2023-23845.json
new file mode 100644
index 00000000000..4a702863e76
--- /dev/null
+++ b/CVE-2023/CVE-2023-238xx/CVE-2023-23845.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-23845",
+ "sourceIdentifier": "psirt@solarwinds.com",
+ "published": "2023-09-13T23:15:08.283",
+ "lastModified": "2023-09-13T23:15:08.283",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@solarwinds.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@solarwinds.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-749"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3-1_release_notes.htm",
+ "source": "psirt@solarwinds.com"
+ },
+ {
+ "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23845",
+ "source": "psirt@solarwinds.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-406xx/CVE-2023-40617.json b/CVE-2023/CVE-2023-406xx/CVE-2023-40617.json
new file mode 100644
index 00000000000..f226e389b71
--- /dev/null
+++ b/CVE-2023/CVE-2023-406xx/CVE-2023-40617.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-40617",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-09-13T22:15:07.733",
+ "lastModified": "2023-09-13T22:15:07.733",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start 7 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'file' parameter in 'displayPDF.php'."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-40617",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41152.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41152.json
new file mode 100644
index 00000000000..14a014f545e
--- /dev/null
+++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41152.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-41152",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-09-13T22:15:08.490",
+ "lastModified": "2023-09-13T22:15:08.490",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the handle program field while creating a new MIME type program."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41152",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://webmin.com/tags/webmin-changelog/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41154.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41154.json
new file mode 100644
index 00000000000..5701264d5a2
--- /dev/null
+++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41154.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-41154",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-09-13T22:15:08.623",
+ "lastModified": "2023-09-13T22:15:08.623",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cron jobs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the value field parameter while creating a new environment variable."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41154",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://webmin.com/tags/webmin-changelog/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41155.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41155.json
new file mode 100644
index 00000000000..393dbf1a803
--- /dev/null
+++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41155.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-41155",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-09-13T22:15:08.747",
+ "lastModified": "2023-09-13T22:15:08.747",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41155",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://webmin.com/tags/webmin-changelog/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41158.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41158.json
new file mode 100644
index 00000000000..5fc6c8732d4
--- /dev/null
+++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41158.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-41158",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-09-13T22:15:08.887",
+ "lastModified": "2023-09-13T22:15:08.887",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the description field while creating a new MIME type program."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41158",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://webmin.com/tags/webmin-changelog/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41162.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41162.json
new file mode 100644
index 00000000000..2e7e2363e12
--- /dev/null
+++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41162.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-41162",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-09-13T22:15:09.017",
+ "lastModified": "2023-09-13T22:15:09.017",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the file mask field while searching under the tools drop down."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41162",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://webmin.com/tags/webmin-changelog/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 3c543e8fc6b..e979899860b 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-13T22:00:25.799204+00:00 +2023-09-13T23:55:25.093255+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-13T21:15:07.807000+00:00 +2023-09-13T23:15:08.283000+00:00 ``` ### Last Data Feed Release @@ -29,17 +29,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -224891 +224899 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `8` -* [CVE-2023-40850](CVE-2023/CVE-2023-408xx/CVE-2023-40850.json) (`2023-09-13T20:15:07.927`) -* [CVE-2023-41892](CVE-2023/CVE-2023-418xx/CVE-2023-41892.json) (`2023-09-13T20:15:08.187`) -* [CVE-2023-42468](CVE-2023/CVE-2023-424xx/CVE-2023-42468.json) (`2023-09-13T20:15:08.447`) -* [CVE-2023-4568](CVE-2023/CVE-2023-45xx/CVE-2023-4568.json) (`2023-09-13T21:15:07.807`) +* [CVE-2023-40617](CVE-2023/CVE-2023-406xx/CVE-2023-40617.json) (`2023-09-13T22:15:07.733`) +* [CVE-2023-41152](CVE-2023/CVE-2023-411xx/CVE-2023-41152.json) (`2023-09-13T22:15:08.490`) +* [CVE-2023-41154](CVE-2023/CVE-2023-411xx/CVE-2023-41154.json) (`2023-09-13T22:15:08.623`) +* [CVE-2023-41155](CVE-2023/CVE-2023-411xx/CVE-2023-41155.json) (`2023-09-13T22:15:08.747`) +* [CVE-2023-41158](CVE-2023/CVE-2023-411xx/CVE-2023-41158.json) (`2023-09-13T22:15:08.887`) +* [CVE-2023-41162](CVE-2023/CVE-2023-411xx/CVE-2023-41162.json) (`2023-09-13T22:15:09.017`) +* [CVE-2023-23840](CVE-2023/CVE-2023-238xx/CVE-2023-23840.json) (`2023-09-13T23:15:07.820`) +* [CVE-2023-23845](CVE-2023/CVE-2023-238xx/CVE-2023-23845.json) (`2023-09-13T23:15:08.283`) ### CVEs modified in the last Commit