Auto-Update: 2023-10-09T18:00:24.981599+00:00

2025-07-09 16:05:11 +00:00 · 2023-10-09 18:00:28 +00:00 · 2023-10-09 18:00:28 +00:00 · 544874e528
commit 544874e528
parent 3972e7a8c3
11 changed files with 329 additions and 41 deletions
--- a/CVE-2019/CVE-2019-56xx/CVE-2019-5638.json
+++ b/CVE-2019/CVE-2019-56xx/CVE-2019-5638.json
@ -2,12 +2,12 @@
  "id": "CVE-2019-5638",
  "sourceIdentifier": "cve@rapid7.con",
  "published": "2019-08-21T20:15:13.007",
-  "lastModified": "2019-10-09T23:51:01.747",
+  "lastModified": "2023-10-09T16:15:10.183",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
-      "value": "Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user account's current session is still valid after the password change, potentially allowing the attacker who originally compromised the credential to remain logged in and able to cause further damage."
+      "value": "Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user account's current session is still valid after the password change, potentially allowing the attacker who originally compromised the credential to remain logged in and able to cause further damage.\n\n"
    },
    {
      "lang": "es",
@ -15,6 +15,28 @@
    }
  ],
  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@rapid7.con",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 8.7,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 5.8
+      }
+    ],
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
@ -35,26 +57,6 @@
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
-      },
-      {
-        "source": "cve@rapid7.con",
-        "type": "Secondary",
-        "cvssData": {
-          "version": "3.0",
-          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
-          "attackVector": "NETWORK",
-          "attackComplexity": "LOW",
-          "privilegesRequired": "LOW",
-          "userInteraction": "REQUIRED",
-          "scope": "CHANGED",
-          "confidentialityImpact": "HIGH",
-          "integrityImpact": "HIGH",
-          "availabilityImpact": "NONE",
-          "baseScore": 8.7,
-          "baseSeverity": "HIGH"
-        },
-        "exploitabilityScore": 2.3,
-        "impactScore": 5.8
      }
    ],
    "cvssMetricV2": [
@ -124,6 +126,10 @@
    }
  ],
  "references": [
+    {
+      "url": "https://docs.rapid7.com/insightvm/enable-insightvm-platform-login",
+      "source": "cve@rapid7.con"
+    },
    {
      "url": "https://help.rapid7.com/nexpose/en-us/release-notes/archive/2019/02/",
      "source": "cve@rapid7.con",
--- a/CVE-2023/CVE-2023-309xx/CVE-2023-30910.json
+++ b/CVE-2023/CVE-2023-309xx/CVE-2023-30910.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-30910",
+  "sourceIdentifier": "security-alert@hpe.com",
+  "published": "2023-10-09T16:15:10.400",
+  "lastModified": "2023-10-09T16:15:10.400",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "HPE MSA Controller prior to version\u00a0IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests.\u00a0"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-alert@hpe.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-alert@hpe.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-444"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbst04539en_us",
+      "source": "security-alert@hpe.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-410xx/CVE-2023-41047.json
+++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41047.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2023-41047",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2023-10-09T16:15:10.480",
+  "lastModified": "2023-10-09T16:15:10.480",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract data managed by OctoPrint, or manipulate data managed by OctoPrint, as well as execute arbitrary commands with the rights of the OctoPrint process on the server system. OctoPrint versions from 1.9.3 onward have been patched. Administrators of OctoPrint instances are advised to make sure they can trust all other administrators on their instance and to also not blindly configure arbitrary GCODE scripts found online or provided to them by third parties."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-advisories@github.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L",
+          "attackVector": "ADJACENT_NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.2,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 0.7,
+        "impactScore": 5.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-advisories@github.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-1336"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/OctoPrint/OctoPrint/commit/d0072cff894509c77e243d6562245ad3079e17db",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/OctoPrint/OctoPrint/releases/tag/1.9.3",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-fwfg-vprh-97ph",
+      "source": "security-advisories@github.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-424xx/CVE-2023-42455.json
+++ b/CVE-2023/CVE-2023-424xx/CVE-2023-42455.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2023-42455",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2023-10-09T17:15:09.923",
+  "lastModified": "2023-10-09T17:15:09.923",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Wazuh is a security detection, visibility, and compliance open source project. In versions 4.4.0 and 4.4.1, it is possible to get the Wazuh API administrator key used by the Dashboard using the browser development tools. This allows a logged user to the dashboard to become administrator of the API, even if their dashboard role is not. Version 4.4.2 contains a fix. There are no known workarounds."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-advisories@github.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-advisories@github.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-639"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/wazuh/wazuh-dashboard-plugins/issues/5427",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/wazuh/wazuh-kibana-app/pull/5428",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/wazuh/wazuh-kibana-app/security/advisories/GHSA-8w7x-52r7-qvjf",
+      "source": "security-advisories@github.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-444xx/CVE-2023-44400.json
+++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44400.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2023-44400",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2023-10-09T16:15:10.567",
+  "lastModified": "2023-10-09T16:15:10.567",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user's device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity periods. Version 1.23.3 has a patch for the issue."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-advisories@github.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 6.7,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 0.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-advisories@github.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-384"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/louislam/uptime-kuma/commit/88afab6571ef7d4d41bb395cdb6ecd3968835a4a",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/louislam/uptime-kuma/issues/3481",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-g9v2-wqcj-j99g",
+      "source": "security-advisories@github.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-51xx/CVE-2023-5169.json
+++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5169.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-5169",
  "sourceIdentifier": "security@mozilla.org",
  "published": "2023-09-27T15:19:42.127",
-  "lastModified": "2023-10-05T23:15:09.523",
+  "lastModified": "2023-10-09T16:15:10.647",
  "vulnStatus": "Undergoing Analysis",
  "descriptions": [
    {
@ -122,6 +122,10 @@
        "Third Party Advisory"
      ]
    },
+    {
+      "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html",
+      "source": "security@mozilla.org"
+    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/",
      "source": "security@mozilla.org"
--- a/CVE-2023/CVE-2023-51xx/CVE-2023-5171.json
+++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5171.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-5171",
  "sourceIdentifier": "security@mozilla.org",
  "published": "2023-09-27T15:19:42.227",
-  "lastModified": "2023-10-05T23:15:09.640",
+  "lastModified": "2023-10-09T16:15:10.783",
  "vulnStatus": "Undergoing Analysis",
  "descriptions": [
    {
@ -123,6 +123,10 @@
        "Third Party Advisory"
      ]
    },
+    {
+      "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html",
+      "source": "security@mozilla.org"
+    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AY642Z6JZODQJE7Z62CFREVUHEGCXGPD/",
      "source": "security@mozilla.org"
--- a/CVE-2023/CVE-2023-51xx/CVE-2023-5176.json
+++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5176.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-5176",
  "sourceIdentifier": "security@mozilla.org",
  "published": "2023-09-27T15:19:42.767",
-  "lastModified": "2023-10-03T22:15:10.717",
-  "vulnStatus": "Modified",
+  "lastModified": "2023-10-09T16:15:10.870",
+  "vulnStatus": "Undergoing Analysis",
  "descriptions": [
    {
      "lang": "en",
@ -116,6 +116,10 @@
        "Third Party Advisory"
      ]
    },
+    {
+      "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html",
+      "source": "security@mozilla.org"
+    },
    {
      "url": "https://www.debian.org/security/2023/dsa-5506",
      "source": "security@mozilla.org",
--- a/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json
+++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-5217",
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "published": "2023-09-28T16:15:10.980",
-  "lastModified": "2023-10-06T06:15:12.867",
-  "vulnStatus": "Undergoing Analysis",
+  "lastModified": "2023-10-09T16:15:10.960",
+  "vulnStatus": "Modified",
  "cisaExploitAdd": "2023-10-02",
  "cisaActionDue": "2023-10-23",
  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
@ -254,6 +254,10 @@
      "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00001.html",
      "source": "chrome-cve-admin@google.com"
    },
+    {
+      "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00015.html",
+      "source": "chrome-cve-admin@google.com"
+    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MFWDFJSSIFKWKNOCTQCFUNZWAXUCSS4/",
      "source": "chrome-cve-admin@google.com"
--- a/CVE-2023/CVE-2023-53xx/CVE-2023-5365.json
+++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5365.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-5365",
+  "sourceIdentifier": "hp-security-alert@hp.com",
+  "published": "2023-10-09T16:15:11.117",
+  "lastModified": "2023-10-09T16:15:11.117",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or information disclosure."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://support.hp.com/us-en/document/ish_9393937-9393961-16/hpsbgn03870",
+      "source": "hp-security-alert@hp.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-10-09T16:00:24.330729+00:00
+2023-10-09T18:00:24.981599+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-10-09T15:15:10.057000+00:00
+2023-10-09T17:15:09.923000+00:00
 ```

 ### Last Data Feed Release
@ -29,27 +29,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-227233
+227238
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `7`
+Recently added CVEs: `5`

-* [CVE-2022-35950](CVE-2022/CVE-2022-359xx/CVE-2022-35950.json) (`2023-10-09T14:15:10.437`)
-* [CVE-2023-25822](CVE-2023/CVE-2023-258xx/CVE-2023-25822.json) (`2023-10-09T14:15:10.547`)
-* [CVE-2023-36820](CVE-2023/CVE-2023-368xx/CVE-2023-36820.json) (`2023-10-09T14:15:10.640`)
-* [CVE-2023-41660](CVE-2023/CVE-2023-416xx/CVE-2023-41660.json) (`2023-10-09T14:15:10.723`)
-* [CVE-2023-43643](CVE-2023/CVE-2023-436xx/CVE-2023-43643.json) (`2023-10-09T14:15:10.797`)
-* [CVE-2023-44378](CVE-2023/CVE-2023-443xx/CVE-2023-44378.json) (`2023-10-09T14:15:10.873`)
-* [CVE-2023-44393](CVE-2023/CVE-2023-443xx/CVE-2023-44393.json) (`2023-10-09T15:15:10.057`)
+* [CVE-2023-30910](CVE-2023/CVE-2023-309xx/CVE-2023-30910.json) (`2023-10-09T16:15:10.400`)
+* [CVE-2023-41047](CVE-2023/CVE-2023-410xx/CVE-2023-41047.json) (`2023-10-09T16:15:10.480`)
+* [CVE-2023-44400](CVE-2023/CVE-2023-444xx/CVE-2023-44400.json) (`2023-10-09T16:15:10.567`)
+* [CVE-2023-5365](CVE-2023/CVE-2023-53xx/CVE-2023-5365.json) (`2023-10-09T16:15:11.117`)
+* [CVE-2023-42455](CVE-2023/CVE-2023-424xx/CVE-2023-42455.json) (`2023-10-09T17:15:09.923`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `1`
+Recently modified CVEs: `5`

-* [CVE-2023-39928](CVE-2023/CVE-2023-399xx/CVE-2023-39928.json) (`2023-10-09T15:15:09.890`)
+* [CVE-2019-5638](CVE-2019/CVE-2019-56xx/CVE-2019-5638.json) (`2023-10-09T16:15:10.183`)
+* [CVE-2023-5169](CVE-2023/CVE-2023-51xx/CVE-2023-5169.json) (`2023-10-09T16:15:10.647`)
+* [CVE-2023-5171](CVE-2023/CVE-2023-51xx/CVE-2023-5171.json) (`2023-10-09T16:15:10.783`)
+* [CVE-2023-5176](CVE-2023/CVE-2023-51xx/CVE-2023-5176.json) (`2023-10-09T16:15:10.870`)
+* [CVE-2023-5217](CVE-2023/CVE-2023-52xx/CVE-2023-5217.json) (`2023-10-09T16:15:10.960`)


 ## Download and Usage