From 68e15b4be857217464e3e55b03346615a22d618b Mon Sep 17 00:00:00 2001
From: cad-safe-bot <cad-safe-bot@protonmail.com>
Date: Sat, 7 Oct 2023 02:00:30 +0000
Subject: [PATCH] Auto-Update: 2023-10-07T02:00:26.303445+00:00

---
 CVE-2023/CVE-2023-361xx/CVE-2023-36123.json | 24 +++++++++
 CVE-2023/CVE-2023-436xx/CVE-2023-43615.json | 20 +++++++
 CVE-2023/CVE-2023-451xx/CVE-2023-45199.json | 20 +++++++
 CVE-2023/CVE-2023-453xx/CVE-2023-45322.json |  6 ++-
 CVE-2023/CVE-2023-51xx/CVE-2023-5182.json   | 59 +++++++++++++++++++++
 README.md                                   | 33 ++++--------
 6 files changed, 138 insertions(+), 24 deletions(-)
 create mode 100644 CVE-2023/CVE-2023-361xx/CVE-2023-36123.json
 create mode 100644 CVE-2023/CVE-2023-436xx/CVE-2023-43615.json
 create mode 100644 CVE-2023/CVE-2023-451xx/CVE-2023-45199.json
 create mode 100644 CVE-2023/CVE-2023-51xx/CVE-2023-5182.json

diff --git a/CVE-2023/CVE-2023-361xx/CVE-2023-36123.json b/CVE-2023/CVE-2023-361xx/CVE-2023-36123.json
new file mode 100644
index 00000000000..c3884ebce7e
--- /dev/null
+++ b/CVE-2023/CVE-2023-361xx/CVE-2023-36123.json
@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-36123",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-10-07T00:15:11.457",
+  "lastModified": "2023-10-07T00:15:11.457",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9, allows local attackers to execute arbitrary code and gain sensitive information."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://gist.github.com/9Bakabaka/d4559b081ce0577dbf415917afc0efb5",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/9Bakabaka/CVE-2023-36123",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43615.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43615.json
new file mode 100644
index 00000000000..1749d90a40c
--- /dev/null
+++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43615.json
@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-43615",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-10-07T01:15:10.783",
+  "lastModified": "2023-10-07T01:15:10.783",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-1/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45199.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45199.json
new file mode 100644
index 00000000000..a668e16c9f1
--- /dev/null
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45199.json
@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-45199",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-10-07T01:15:10.840",
+  "lastModified": "2023-10-07T01:15:10.840",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-2/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45322.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45322.json
index a02d0661ecf..158d2ad0488 100644
--- a/CVE-2023/CVE-2023-453xx/CVE-2023-45322.json
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45322.json
@@ -2,7 +2,7 @@
   "id": "CVE-2023-45322",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2023-10-06T22:15:11.660",
-  "lastModified": "2023-10-06T22:23:04.467",
+  "lastModified": "2023-10-07T00:15:11.530",
   "vulnStatus": "Awaiting Analysis",
   "descriptions": [
     {
@@ -12,6 +12,10 @@
   ],
   "metrics": {},
   "references": [
+    {
+      "url": "http://www.openwall.com/lists/oss-security/2023/10/06/5",
+      "source": "cve@mitre.org"
+    },
     {
       "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/344",
       "source": "cve@mitre.org"
diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5182.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5182.json
new file mode 100644
index 00000000000..700674d2d65
--- /dev/null
+++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5182.json
@@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-5182",
+  "sourceIdentifier": "security@ubuntu.com",
+  "published": "2023-10-07T00:15:11.597",
+  "lastModified": "2023-10-07T00:15:11.597",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@ubuntu.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@ubuntu.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-532"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5182",
+      "source": "security@ubuntu.com"
+    },
+    {
+      "url": "https://github.com/canonical/subiquity/pull/1820/commits/62e126896fb063808767d74d00886001e38eaa1c",
+      "source": "security@ubuntu.com"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 1deec157fc1..5ec94ab089f 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-10-06T23:55:24.864778+00:00
+2023-10-07T02:00:26.303445+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-10-06T23:15:11.120000+00:00
+2023-10-07T01:15:10.840000+00:00
 ```
 
 ### Last Data Feed Release
@@ -23,43 +23,30 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
 
 ```plain
-2023-10-06T00:00:13.535152+00:00
+2023-10-07T00:00:13.585919+00:00
 ```
 
 ### Total Number of included CVEs
 
 ```plain
-227153
+227157
 ```
 
 ### CVEs added in the last Commit
 
 Recently added CVEs: `4`
 
-* [CVE-2022-33160](CVE-2022/CVE-2022-331xx/CVE-2022-33160.json) (`2023-10-06T22:15:11.523`)
-* [CVE-2023-45322](CVE-2023/CVE-2023-453xx/CVE-2023-45322.json) (`2023-10-06T22:15:11.660`)
-* [CVE-2023-44061](CVE-2023/CVE-2023-440xx/CVE-2023-44061.json) (`2023-10-06T23:15:11.060`)
-* [CVE-2023-44860](CVE-2023/CVE-2023-448xx/CVE-2023-44860.json) (`2023-10-06T23:15:11.120`)
+* [CVE-2023-36123](CVE-2023/CVE-2023-361xx/CVE-2023-36123.json) (`2023-10-07T00:15:11.457`)
+* [CVE-2023-5182](CVE-2023/CVE-2023-51xx/CVE-2023-5182.json) (`2023-10-07T00:15:11.597`)
+* [CVE-2023-43615](CVE-2023/CVE-2023-436xx/CVE-2023-43615.json) (`2023-10-07T01:15:10.783`)
+* [CVE-2023-45199](CVE-2023/CVE-2023-451xx/CVE-2023-45199.json) (`2023-10-07T01:15:10.840`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `14`
+Recently modified CVEs: `1`
 
-* [CVE-2022-34355](CVE-2022/CVE-2022-343xx/CVE-2022-34355.json) (`2023-10-06T22:23:04.467`)
-* [CVE-2023-5452](CVE-2023/CVE-2023-54xx/CVE-2023-5452.json) (`2023-10-06T22:23:04.467`)
-* [CVE-2023-3725](CVE-2023/CVE-2023-37xx/CVE-2023-3725.json) (`2023-10-06T22:23:04.467`)
-* [CVE-2023-45311](CVE-2023/CVE-2023-453xx/CVE-2023-45311.json) (`2023-10-06T22:23:04.467`)
-* [CVE-2023-1832](CVE-2023/CVE-2023-18xx/CVE-2023-1832.json) (`2023-10-06T22:29:49.610`)
-* [CVE-2023-40684](CVE-2023/CVE-2023-406xx/CVE-2023-40684.json) (`2023-10-06T22:30:06.407`)
-* [CVE-2023-39191](CVE-2023/CVE-2023-391xx/CVE-2023-39191.json) (`2023-10-06T22:30:30.320`)
-* [CVE-2023-38703](CVE-2023/CVE-2023-387xx/CVE-2023-38703.json) (`2023-10-06T22:30:43.150`)
-* [CVE-2023-43284](CVE-2023/CVE-2023-432xx/CVE-2023-43284.json) (`2023-10-06T22:30:50.923`)
-* [CVE-2023-44075](CVE-2023/CVE-2023-440xx/CVE-2023-44075.json) (`2023-10-06T22:31:17.653`)
-* [CVE-2023-44209](CVE-2023/CVE-2023-442xx/CVE-2023-44209.json) (`2023-10-06T22:31:38.830`)
-* [CVE-2023-44210](CVE-2023/CVE-2023-442xx/CVE-2023-44210.json) (`2023-10-06T22:31:59.547`)
-* [CVE-2023-36618](CVE-2023/CVE-2023-366xx/CVE-2023-36618.json) (`2023-10-06T22:32:14.727`)
-* [CVE-2023-36619](CVE-2023/CVE-2023-366xx/CVE-2023-36619.json) (`2023-10-06T22:32:37.880`)
+* [CVE-2023-45322](CVE-2023/CVE-2023-453xx/CVE-2023-45322.json) (`2023-10-07T00:15:11.530`)
 
 
 ## Download and Usage