From 66da99bc4fba8a4c705f7d0694452ffbcdfb1de4 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 25 Aug 2023 08:00:29 +0000 Subject: [PATCH] Auto-Update: 2023-08-25T08:00:26.388259+00:00 --- CVE-2023/CVE-2023-26xx/CVE-2023-2673.json | 22 ++++----- CVE-2023/CVE-2023-327xx/CVE-2023-32755.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-32xx/CVE-2023-3261.json | 26 +++++----- CVE-2023/CVE-2023-32xx/CVE-2023-3262.json | 18 +++---- CVE-2023/CVE-2023-32xx/CVE-2023-3264.json | 16 +++--- CVE-2023/CVE-2023-35xx/CVE-2023-3570.json | 20 ++++---- CVE-2023/CVE-2023-35xx/CVE-2023-3571.json | 20 ++++---- CVE-2023/CVE-2023-35xx/CVE-2023-3573.json | 20 ++++---- CVE-2023/CVE-2023-378xx/CVE-2023-37860.json | 16 +++--- CVE-2023/CVE-2023-411xx/CVE-2023-41173.json | 20 ++++++++ README.md | 22 ++++++--- 11 files changed, 169 insertions(+), 86 deletions(-) create mode 100644 CVE-2023/CVE-2023-327xx/CVE-2023-32755.json create mode 100644 CVE-2023/CVE-2023-411xx/CVE-2023-41173.json diff --git a/CVE-2023/CVE-2023-26xx/CVE-2023-2673.json b/CVE-2023/CVE-2023-26xx/CVE-2023-2673.json index bb757f5899c..0bc26ec28c7 100644 --- a/CVE-2023/CVE-2023-26xx/CVE-2023-2673.json +++ b/CVE-2023/CVE-2023-26xx/CVE-2023-2673.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2673", "sourceIdentifier": "info@cert.vde.com", "published": "2023-06-13T07:15:46.460", - "lastModified": "2023-06-27T18:41:28.450", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-25T06:15:07.657", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -13,7 +13,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "info@cert.vde.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -33,20 +33,20 @@ "impactScore": 1.4 }, { - "source": "info@cert.vde.com", + "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", - "scope": "CHANGED", + "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", - "baseScore": 5.8, + "baseScore": 5.3, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 3.9, @@ -56,22 +56,22 @@ }, "weaknesses": [ { - "source": "nvd@nist.gov", + "source": "info@cert.vde.com", "type": "Primary", "description": [ { "lang": "en", - "value": "NVD-CWE-noinfo" + "value": "CWE-20" } ] }, { - "source": "info@cert.vde.com", + "source": "nvd@nist.gov", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-20" + "value": "NVD-CWE-noinfo" } ] } diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32755.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32755.json new file mode 100644 index 00000000000..cb2ef6cbe92 --- /dev/null +++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32755.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-32755", + "sourceIdentifier": "twcert@cert.org.tw", + "published": "2023-08-25T07:15:08.273", + "lastModified": "2023-08-25T07:15:08.273", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\ne-Excellence U-Office Force generates an error message in webiste service. An unauthenticated remote attacker can obtain partial sensitive system information from error message by sending a crafted command.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-209" + } + ] + } + ], + "references": [ + { + "url": "https://www.twcert.org.tw/tw/cp-132-7328-d4112-1.html", + "source": "twcert@cert.org.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3261.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3261.json index 84dda1695af..331e942ac20 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3261.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3261.json @@ -2,12 +2,12 @@ "id": "CVE-2023-3261", "sourceIdentifier": "trellixpsirt@trellix.com", "published": "2023-08-14T04:15:10.940", - "lastModified": "2023-08-22T16:33:49.237", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-25T06:15:08.990", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is passed without sanitization into CMD running as NT/Authority System. An authenticated attacker can leverage this vulnerability to execute arbitrary code with system-level access to the CyberPower PowerPanel Enterprise server." + "value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library.Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary, including the ability to log in via the web server." } ], "metrics": { @@ -37,20 +37,20 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", - "privilegesRequired": "HIGH", + "privilegesRequired": "NONE", "userInteraction": "NONE", - "scope": "CHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", "availabilityImpact": "HIGH", - "baseScore": 9.1, - "baseSeverity": "CRITICAL" + "baseScore": 7.5, + "baseSeverity": "HIGH" }, - "exploitabilityScore": 2.3, - "impactScore": 6.0 + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, @@ -71,7 +71,7 @@ "description": [ { "lang": "en", - "value": "CWE-78" + "value": "CWE-119" } ] } diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3262.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3262.json index 1fdd6e2904c..bdc8402d6c7 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3262.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3262.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3262", "sourceIdentifier": "trellixpsirt@trellix.com", "published": "2023-08-14T04:15:11.043", - "lastModified": "2023-08-22T16:32:19.017", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-25T06:15:09.797", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -37,20 +37,20 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", - "privilegesRequired": "NONE", + "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 6.2, + "baseScore": 6.7, "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.5, - "impactScore": 3.6 + "exploitabilityScore": 0.8, + "impactScore": 5.9 } ] }, diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3264.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3264.json index cc6d7b1a2ce..e568022d590 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3264.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3264.json @@ -2,12 +2,12 @@ "id": "CVE-2023-3264", "sourceIdentifier": "trellixpsirt@trellix.com", "published": "2023-08-14T05:15:09.910", - "lastModified": "2023-08-22T16:20:54.007", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-25T06:15:10.350", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials.Successful exploitation allows the malicious agent to obtain a valid authorization token and read information relating to the state of the relays and power distribution." + "value": "The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.\u00a0A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records." } ], "metrics": { @@ -37,19 +37,19 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", - "privilegesRequired": "NONE", + "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 8.4, - "baseSeverity": "HIGH" + "baseScore": 6.7, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 2.5, + "exploitabilityScore": 0.8, "impactScore": 5.9 } ] diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3570.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3570.json index ab05f6375bb..a26a1cc4202 100644 --- a/CVE-2023/CVE-2023-35xx/CVE-2023-3570.json +++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3570.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3570", "sourceIdentifier": "info@cert.vde.com", "published": "2023-08-08T07:15:10.603", - "lastModified": "2023-08-10T15:03:15.087", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-25T07:15:08.680", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -13,7 +13,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "info@cert.vde.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -33,24 +33,24 @@ "impactScore": 5.9 }, { - "source": "info@cert.vde.com", + "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", - "scope": "CHANGED", + "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 9.9, - "baseSeverity": "CRITICAL" + "baseScore": 8.8, + "baseSeverity": "HIGH" }, - "exploitabilityScore": 3.1, - "impactScore": 6.0 + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3571.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3571.json index 1510e517fc7..d1bfcd4ff57 100644 --- a/CVE-2023/CVE-2023-35xx/CVE-2023-3571.json +++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3571.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3571", "sourceIdentifier": "info@cert.vde.com", "published": "2023-08-08T07:15:10.727", - "lastModified": "2023-08-10T17:08:28.947", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-25T07:15:08.840", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -13,7 +13,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "info@cert.vde.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -33,24 +33,24 @@ "impactScore": 5.9 }, { - "source": "info@cert.vde.com", + "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", - "scope": "CHANGED", + "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 9.9, - "baseSeverity": "CRITICAL" + "baseScore": 8.8, + "baseSeverity": "HIGH" }, - "exploitabilityScore": 3.1, - "impactScore": 6.0 + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, diff --git a/CVE-2023/CVE-2023-35xx/CVE-2023-3573.json b/CVE-2023/CVE-2023-35xx/CVE-2023-3573.json index d9fcdfe6729..6797aa01a16 100644 --- a/CVE-2023/CVE-2023-35xx/CVE-2023-3573.json +++ b/CVE-2023/CVE-2023-35xx/CVE-2023-3573.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3573", "sourceIdentifier": "info@cert.vde.com", "published": "2023-08-08T07:15:10.957", - "lastModified": "2023-08-10T18:07:22.647", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-25T07:15:08.990", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -13,7 +13,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "info@cert.vde.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -33,24 +33,24 @@ "impactScore": 5.9 }, { - "source": "info@cert.vde.com", + "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", - "scope": "CHANGED", + "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 9.9, - "baseSeverity": "CRITICAL" + "baseScore": 8.8, + "baseSeverity": "HIGH" }, - "exploitabilityScore": 3.1, - "impactScore": 6.0 + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, diff --git a/CVE-2023/CVE-2023-378xx/CVE-2023-37860.json b/CVE-2023/CVE-2023-378xx/CVE-2023-37860.json index 0fc37262c33..3f61ab2957a 100644 --- a/CVE-2023/CVE-2023-378xx/CVE-2023-37860.json +++ b/CVE-2023/CVE-2023-378xx/CVE-2023-37860.json @@ -2,8 +2,8 @@ "id": "CVE-2023-37860", "sourceIdentifier": "info@cert.vde.com", "published": "2023-08-09T07:15:10.933", - "lastModified": "2023-08-15T17:11:15.667", - "vulnStatus": "Analyzed", + "lastModified": "2023-08-25T07:15:08.483", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -13,7 +13,7 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", + "source": "info@cert.vde.com", "type": "Primary", "cvssData": { "version": "3.1", @@ -33,24 +33,24 @@ "impactScore": 3.6 }, { - "source": "info@cert.vde.com", + "source": "nvd@nist.gov", "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", - "scope": "CHANGED", + "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", - "baseScore": 8.6, + "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, - "impactScore": 4.0 + "impactScore": 3.6 } ] }, diff --git a/CVE-2023/CVE-2023-411xx/CVE-2023-41173.json b/CVE-2023/CVE-2023-411xx/CVE-2023-41173.json new file mode 100644 index 00000000000..86f0fbcf4dd --- /dev/null +++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41173.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-41173", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-25T07:15:09.140", + "lastModified": "2023-08-25T07:15:09.140", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://adguard-dns.io/en/versions.html#2.2", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 4662080db82..df76a1c02c7 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-25T06:00:25.125734+00:00 +2023-08-25T08:00:26.388259+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-25T05:15:45.643000+00:00 +2023-08-25T07:15:09.140000+00:00 ``` ### Last Data Feed Release @@ -29,21 +29,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -223417 +223419 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `2` -* [CVE-2023-40530](CVE-2023/CVE-2023-405xx/CVE-2023-40530.json) (`2023-08-25T04:15:10.487`) +* [CVE-2023-32755](CVE-2023/CVE-2023-327xx/CVE-2023-32755.json) (`2023-08-25T07:15:08.273`) +* [CVE-2023-41173](CVE-2023/CVE-2023-411xx/CVE-2023-41173.json) (`2023-08-25T07:15:09.140`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `8` -* [CVE-2023-3260](CVE-2023/CVE-2023-32xx/CVE-2023-3260.json) (`2023-08-25T05:15:45.643`) +* [CVE-2023-2673](CVE-2023/CVE-2023-26xx/CVE-2023-2673.json) (`2023-08-25T06:15:07.657`) +* [CVE-2023-3261](CVE-2023/CVE-2023-32xx/CVE-2023-3261.json) (`2023-08-25T06:15:08.990`) +* [CVE-2023-3262](CVE-2023/CVE-2023-32xx/CVE-2023-3262.json) (`2023-08-25T06:15:09.797`) +* [CVE-2023-3264](CVE-2023/CVE-2023-32xx/CVE-2023-3264.json) (`2023-08-25T06:15:10.350`) +* [CVE-2023-37860](CVE-2023/CVE-2023-378xx/CVE-2023-37860.json) (`2023-08-25T07:15:08.483`) +* [CVE-2023-3570](CVE-2023/CVE-2023-35xx/CVE-2023-3570.json) (`2023-08-25T07:15:08.680`) +* [CVE-2023-3571](CVE-2023/CVE-2023-35xx/CVE-2023-3571.json) (`2023-08-25T07:15:08.840`) +* [CVE-2023-3573](CVE-2023/CVE-2023-35xx/CVE-2023-3573.json) (`2023-08-25T07:15:08.990`) ## Download and Usage