From 6c012ce7b314f2cd42a9ef20e0247f08d2e17aae Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 5 Oct 2023 22:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-10-05T22:00:24.999722+00:00 --- CVE-2023/CVE-2023-393xx/CVE-2023-39323.json | 32 +++++++++++ CVE-2023/CVE-2023-409xx/CVE-2023-40920.json | 20 +++++++ CVE-2023/CVE-2023-432xx/CVE-2023-43284.json | 24 +++++++++ CVE-2023/CVE-2023-439xx/CVE-2023-43981.json | 20 +++++++ CVE-2023/CVE-2023-439xx/CVE-2023-43983.json | 20 +++++++ CVE-2023/CVE-2023-440xx/CVE-2023-44024.json | 20 +++++++ CVE-2023/CVE-2023-54xx/CVE-2023-5441.json | 59 +++++++++++++++++++++ README.md | 59 +++++---------------- 8 files changed, 207 insertions(+), 47 deletions(-) create mode 100644 CVE-2023/CVE-2023-393xx/CVE-2023-39323.json create mode 100644 CVE-2023/CVE-2023-409xx/CVE-2023-40920.json create mode 100644 CVE-2023/CVE-2023-432xx/CVE-2023-43284.json create mode 100644 CVE-2023/CVE-2023-439xx/CVE-2023-43981.json create mode 100644 CVE-2023/CVE-2023-439xx/CVE-2023-43983.json create mode 100644 CVE-2023/CVE-2023-440xx/CVE-2023-44024.json create mode 100644 CVE-2023/CVE-2023-54xx/CVE-2023-5441.json diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39323.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39323.json new file mode 100644 index 00000000000..80a2ef7965a --- /dev/null +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39323.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-39323", + "sourceIdentifier": "security@golang.org", + "published": "2023-10-05T21:15:11.283", + "lastModified": "2023-10-05T21:15:11.283", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Line directives (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://go.dev/cl/533215", + "source": "security@golang.org" + }, + { + "url": "https://go.dev/issue/63211", + "source": "security@golang.org" + }, + { + "url": "https://groups.google.com/g/golang-announce/c/XBa1oHDevAo", + "source": "security@golang.org" + }, + { + "url": "https://pkg.go.dev/vuln/GO-2023-2095", + "source": "security@golang.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-409xx/CVE-2023-40920.json b/CVE-2023/CVE-2023-409xx/CVE-2023-40920.json new file mode 100644 index 00000000000..603e2710e34 --- /dev/null +++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40920.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-40920", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-05T20:15:13.013", + "lastModified": "2023-10-05T20:15:13.013", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts()." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://security.friendsofpresta.org/modules/2023/10/05/prixanconnect.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-432xx/CVE-2023-43284.json b/CVE-2023/CVE-2023-432xx/CVE-2023-43284.json new file mode 100644 index 00000000000..0f01cf8dae4 --- /dev/null +++ b/CVE-2023/CVE-2023-432xx/CVE-2023-43284.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-43284", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-05T20:15:13.117", + "lastModified": "2023-10-05T20:15:13.117", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 firmware version 100A53DBR-Retail allows a remote attacker to execute arbitrary code." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/MateusTesser/CVE-2023-43284", + "source": "cve@mitre.org" + }, + { + "url": "https://youtu.be/Y8osw_xU6-0", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-439xx/CVE-2023-43981.json b/CVE-2023/CVE-2023-439xx/CVE-2023-43981.json new file mode 100644 index 00000000000..17ce3ff3a7a --- /dev/null +++ b/CVE-2023/CVE-2023-439xx/CVE-2023-43981.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-43981", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-05T20:15:13.200", + "lastModified": "2023-10-05T20:15:13.200", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability via the component delete_excluded_folder.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://security.friendsofpresta.org/modules/2023/10/03/testsitecreator.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-439xx/CVE-2023-43983.json b/CVE-2023/CVE-2023-439xx/CVE-2023-43983.json new file mode 100644 index 00000000000..eb2d16c47f5 --- /dev/null +++ b/CVE-2023/CVE-2023-439xx/CVE-2023-43983.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-43983", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-05T20:15:13.250", + "lastModified": "2023-10-05T20:15:13.250", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://security.friendsofpresta.org/modules/2023/10/03/attributegrid.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-440xx/CVE-2023-44024.json b/CVE-2023/CVE-2023-440xx/CVE-2023-44024.json new file mode 100644 index 00000000000..3f8152a7fcb --- /dev/null +++ b/CVE-2023/CVE-2023-440xx/CVE-2023-44024.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-44024", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-05T20:15:13.303", + "lastModified": "2023-10-05T20:15:13.303", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SQL injection vulnerability in KnowBand Module One Page Checkout, Social Login & Mailchimp (supercheckout) v.8.0.3 and before allows a remote attacker to execute arbitrary code via a crafted request to the updateCheckoutBehaviour function in the supercheckout.php component." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://security.friendsofpresta.org/modules/2023/10/05/supercheckout.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5441.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5441.json new file mode 100644 index 00000000000..86f2ff89e0d --- /dev/null +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5441.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-5441", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-10-05T21:15:11.413", + "lastModified": "2023-10-05T21:15:11.413", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/vim/vim/commit/20d161ace307e28690229b68584f2d84556f8960", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.dev/bounties/b54cbdf5-3e85-458d-bb38-9ea2c0b669f2", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 68743d50971..03a83c39a5c 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-10-05T20:01:33.228399+00:00 +2023-10-05T22:00:24.999722+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-10-05T19:15:11.573000+00:00 +2023-10-05T21:15:11.413000+00:00 ``` ### Last Data Feed Release @@ -29,61 +29,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -227066 +227073 ``` ### CVEs added in the last Commit -Recently added CVEs: `17` +Recently added CVEs: `7` -* [CVE-2023-43068](CVE-2023/CVE-2023-430xx/CVE-2023-43068.json) (`2023-10-05T18:15:12.027`) -* [CVE-2023-43069](CVE-2023/CVE-2023-430xx/CVE-2023-43069.json) (`2023-10-05T18:15:12.140`) -* [CVE-2023-43070](CVE-2023/CVE-2023-430xx/CVE-2023-43070.json) (`2023-10-05T18:15:12.240`) -* [CVE-2023-43071](CVE-2023/CVE-2023-430xx/CVE-2023-43071.json) (`2023-10-05T18:15:12.347`) -* [CVE-2023-43072](CVE-2023/CVE-2023-430xx/CVE-2023-43072.json) (`2023-10-05T18:15:12.463`) -* [CVE-2023-43073](CVE-2023/CVE-2023-430xx/CVE-2023-43073.json) (`2023-10-05T18:15:12.563`) -* [CVE-2023-44386](CVE-2023/CVE-2023-443xx/CVE-2023-44386.json) (`2023-10-05T18:15:12.667`) -* [CVE-2023-44387](CVE-2023/CVE-2023-443xx/CVE-2023-44387.json) (`2023-10-05T18:15:12.787`) -* [CVE-2023-4401](CVE-2023/CVE-2023-44xx/CVE-2023-4401.json) (`2023-10-05T18:15:13.087`) -* [CVE-2023-5346](CVE-2023/CVE-2023-53xx/CVE-2023-5346.json) (`2023-10-05T18:15:13.270`) -* [CVE-2023-5423](CVE-2023/CVE-2023-54xx/CVE-2023-5423.json) (`2023-10-05T18:15:13.330`) -* [CVE-2023-32485](CVE-2023/CVE-2023-324xx/CVE-2023-32485.json) (`2023-10-05T19:15:11.163`) -* [CVE-2023-40745](CVE-2023/CVE-2023-407xx/CVE-2023-40745.json) (`2023-10-05T19:15:11.260`) -* [CVE-2023-41175](CVE-2023/CVE-2023-411xx/CVE-2023-41175.json) (`2023-10-05T19:15:11.340`) -* [CVE-2023-42754](CVE-2023/CVE-2023-427xx/CVE-2023-42754.json) (`2023-10-05T19:15:11.413`) -* [CVE-2023-42755](CVE-2023/CVE-2023-427xx/CVE-2023-42755.json) (`2023-10-05T19:15:11.497`) -* [CVE-2023-43260](CVE-2023/CVE-2023-432xx/CVE-2023-43260.json) (`2023-10-05T19:15:11.573`) +* [CVE-2023-40920](CVE-2023/CVE-2023-409xx/CVE-2023-40920.json) (`2023-10-05T20:15:13.013`) +* [CVE-2023-43284](CVE-2023/CVE-2023-432xx/CVE-2023-43284.json) (`2023-10-05T20:15:13.117`) +* [CVE-2023-43981](CVE-2023/CVE-2023-439xx/CVE-2023-43981.json) (`2023-10-05T20:15:13.200`) +* [CVE-2023-43983](CVE-2023/CVE-2023-439xx/CVE-2023-43983.json) (`2023-10-05T20:15:13.250`) +* [CVE-2023-44024](CVE-2023/CVE-2023-440xx/CVE-2023-44024.json) (`2023-10-05T20:15:13.303`) +* [CVE-2023-39323](CVE-2023/CVE-2023-393xx/CVE-2023-39323.json) (`2023-10-05T21:15:11.283`) +* [CVE-2023-5441](CVE-2023/CVE-2023-54xx/CVE-2023-5441.json) (`2023-10-05T21:15:11.413`) ### CVEs modified in the last Commit -Recently modified CVEs: `29` +Recently modified CVEs: `0` -* [CVE-2023-27433](CVE-2023/CVE-2023-274xx/CVE-2023-27433.json) (`2023-10-05T18:10:37.703`) -* [CVE-2023-25025](CVE-2023/CVE-2023-250xx/CVE-2023-25025.json) (`2023-10-05T18:10:51.417`) -* [CVE-2023-5373](CVE-2023/CVE-2023-53xx/CVE-2023-5373.json) (`2023-10-05T18:12:03.847`) -* [CVE-2023-4090](CVE-2023/CVE-2023-40xx/CVE-2023-4090.json) (`2023-10-05T18:12:19.200`) -* [CVE-2023-4037](CVE-2023/CVE-2023-40xx/CVE-2023-4037.json) (`2023-10-05T18:12:37.073`) -* [CVE-2023-44208](CVE-2023/CVE-2023-442xx/CVE-2023-44208.json) (`2023-10-05T18:14:38.207`) -* [CVE-2023-30736](CVE-2023/CVE-2023-307xx/CVE-2023-30736.json) (`2023-10-05T18:15:11.427`) -* [CVE-2023-0330](CVE-2023/CVE-2023-03xx/CVE-2023-0330.json) (`2023-10-05T18:15:11.690`) -* [CVE-2023-3180](CVE-2023/CVE-2023-31xx/CVE-2023-3180.json) (`2023-10-05T18:15:11.830`) -* [CVE-2023-42331](CVE-2023/CVE-2023-423xx/CVE-2023-42331.json) (`2023-10-05T18:15:11.930`) -* [CVE-2023-4354](CVE-2023/CVE-2023-43xx/CVE-2023-4354.json) (`2023-10-05T18:15:12.923`) -* [CVE-2023-4355](CVE-2023/CVE-2023-43xx/CVE-2023-4355.json) (`2023-10-05T18:15:13.017`) -* [CVE-2023-4427](CVE-2023/CVE-2023-44xx/CVE-2023-4427.json) (`2023-10-05T18:15:13.177`) -* [CVE-2023-43898](CVE-2023/CVE-2023-438xx/CVE-2023-43898.json) (`2023-10-05T18:23:15.117`) -* [CVE-2023-40559](CVE-2023/CVE-2023-405xx/CVE-2023-40559.json) (`2023-10-05T18:23:25.127`) -* [CVE-2023-5357](CVE-2023/CVE-2023-53xx/CVE-2023-5357.json) (`2023-10-05T18:23:35.933`) -* [CVE-2023-5374](CVE-2023/CVE-2023-53xx/CVE-2023-5374.json) (`2023-10-05T18:24:56.450`) -* [CVE-2023-5375](CVE-2023/CVE-2023-53xx/CVE-2023-5375.json) (`2023-10-05T18:26:45.907`) -* [CVE-2023-30733](CVE-2023/CVE-2023-307xx/CVE-2023-30733.json) (`2023-10-05T18:33:04.763`) -* [CVE-2023-30738](CVE-2023/CVE-2023-307xx/CVE-2023-30738.json) (`2023-10-05T18:33:07.273`) -* [CVE-2023-30732](CVE-2023/CVE-2023-307xx/CVE-2023-30732.json) (`2023-10-05T19:07:11.443`) -* [CVE-2023-30731](CVE-2023/CVE-2023-307xx/CVE-2023-30731.json) (`2023-10-05T19:10:57.843`) -* [CVE-2023-30727](CVE-2023/CVE-2023-307xx/CVE-2023-30727.json) (`2023-10-05T19:11:49.360`) -* [CVE-2023-2306](CVE-2023/CVE-2023-23xx/CVE-2023-2306.json) (`2023-10-05T19:13:42.317`) -* [CVE-2023-30692](CVE-2023/CVE-2023-306xx/CVE-2023-30692.json) (`2023-10-05T19:14:49.637`) ## Download and Usage