Auto-Update: 2023-09-20T10:00:25.608076+00:00

2025-05-30 10:10:41 +00:00 · 2023-09-20 10:00:29 +00:00 · 2023-09-20 10:00:29 +00:00 · 6f375727f4
commit 6f375727f4
parent 2d3d789201
7 changed files with 290 additions and 11 deletions
--- a/CVE-2022/CVE-2022-475xx/CVE-2022-47560.json
+++ b/CVE-2022/CVE-2022-475xx/CVE-2022-47560.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2022-47560",
+  "sourceIdentifier": "cve-coordination@incibe.es",
+  "published": "2023-09-20T08:15:10.787",
+  "lastModified": "2023-09-20T08:15:10.787",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "** UNSUPPPORTED WHEN ASSIGNED ** The lack of web request control on ekorCCP and ekorRCI devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged in."
+    },
+    {
+      "lang": "es",
+      "value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** La falta de control de solicitudes web en dispositivos ekorCCP y ekorRCI permite a un atacante potencial crear solicitudes personalizadas para ejecutar acciones maliciosas cuando un usuario inicia sesi\u00f3n."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve-coordination@incibe.es",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+          "attackVector": "ADJACENT_NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.7,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve-coordination@incibe.es",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-319"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products",
+      "source": "cve-coordination@incibe.es"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-475xx/CVE-2022-47561.json
+++ b/CVE-2022/CVE-2022-475xx/CVE-2022-47561.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2022-47561",
+  "sourceIdentifier": "cve-coordination@incibe.es",
+  "published": "2023-09-20T08:15:15.380",
+  "lastModified": "2023-09-20T08:15:15.380",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "** UNSUPPPORTED WHEN ASSIGNED ** The web application stores credentials in clear text in the \"admin.xml\" file, which can be accessed without logging into the website, which could allow an attacker to obtain credentials related to all users, including admin users, in clear text, and use them to subsequently execute malicious actions."
+    },
+    {
+      "lang": "es",
+      "value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** La aplicaci\u00f3n web almacena las credenciales en texto sin cifrar en el archivo \"admin.xml\", al que se puede acceder sin iniciar sesi\u00f3n en el sitio web, lo que podr\u00eda permitir a un atacante obtener credenciales relacionados con todos los usuarios, incluidos los usuarios administradores. , en texto claro, y utilizarlos para ejecutar posteriormente acciones maliciosas."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve-coordination@incibe.es",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.5,
+        "impactScore": 4.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve-coordination@incibe.es",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-256"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products",
+      "source": "cve-coordination@incibe.es"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-475xx/CVE-2022-47562.json
+++ b/CVE-2022/CVE-2022-475xx/CVE-2022-47562.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2022-47562",
+  "sourceIdentifier": "cve-coordination@incibe.es",
+  "published": "2023-09-20T08:15:15.937",
+  "lastModified": "2023-09-20T08:15:15.937",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "** UNSUPPPORTED WHEN ASSIGNED ** Vulnerability in the RCPbind service running on UDP port (111), allowing a remote attacker to create a denial of service (DoS) condition."
+    },
+    {
+      "lang": "es",
+      "value": "** NO SOPORTADO CUANDO EST\u00c1 ASIGNADO ** Vulnerabilidad en el servicio RCPbind que se ejecuta en el puerto UDP (111), lo que permite a un atacante remoto crear una condici\u00f3n de denegaci\u00f3n de servicio (DoS)."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve-coordination@incibe.es",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve-coordination@incibe.es",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-770"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-ormazabal-products",
+      "source": "cve-coordination@incibe.es"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-226xx/CVE-2023-22644.json
+++ b/CVE-2023/CVE-2023-226xx/CVE-2023-22644.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-22644",
+  "sourceIdentifier": "meissner@suse.de",
+  "published": "2023-09-20T09:15:12.837",
+  "lastModified": "2023-09-20T09:15:12.837",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An Innsertion of Sensitive Information into Log File vulnerability in SUSE SUSE Manager Server Module 4.2 spacewalk-java, SUSE SUSE Manager Server Module 4.3 spacewalk-java causes sensitive information to be logged.\nThis issue affects SUSE Manager Server Module 4.2: before 4.2.50-150300.3.66.5; SUSE Manager Server Module 4.3: before 4.3.58-150400.3.46.4.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "meissner@suse.de",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 3.8,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 2.0,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "meissner@suse.de",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-532"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22644",
+      "source": "meissner@suse.de"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41374.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41374.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-41374",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2023-09-20T09:15:16.827",
+  "lastModified": "2023-09-20T09:15:16.827",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/vu/JVNVU95282683/index.html",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.electronics.jtekt.co.jp/en/topics/202309125391/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41375.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41375.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-41375",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2023-09-20T09:15:17.357",
+  "lastModified": "2023-09-20T09:15:17.357",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Use after free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/vu/JVNVU95282683/index.html",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.electronics.jtekt.co.jp/en/topics/202309125391/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-09-20T08:00:26.422619+00:00
+2023-09-20T10:00:25.608076+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-09-20T06:15:10.950000+00:00
+2023-09-20T09:15:17.357000+00:00
 ```

 ### Last Data Feed Release
@ -29,20 +29,19 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-225878
+225884
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `7`
+Recently added CVEs: `6`

-* [CVE-2023-2163](CVE-2023/CVE-2023-21xx/CVE-2023-2163.json) (`2023-09-20T06:15:10.233`)
-* [CVE-2023-43616](CVE-2023/CVE-2023-436xx/CVE-2023-43616.json) (`2023-09-20T06:15:10.523`)
-* [CVE-2023-43617](CVE-2023/CVE-2023-436xx/CVE-2023-43617.json) (`2023-09-20T06:15:10.617`)
-* [CVE-2023-43618](CVE-2023/CVE-2023-436xx/CVE-2023-43618.json) (`2023-09-20T06:15:10.693`)
-* [CVE-2023-43619](CVE-2023/CVE-2023-436xx/CVE-2023-43619.json) (`2023-09-20T06:15:10.773`)
-* [CVE-2023-43620](CVE-2023/CVE-2023-436xx/CVE-2023-43620.json) (`2023-09-20T06:15:10.870`)
-* [CVE-2023-43621](CVE-2023/CVE-2023-436xx/CVE-2023-43621.json) (`2023-09-20T06:15:10.950`)
+* [CVE-2022-47560](CVE-2022/CVE-2022-475xx/CVE-2022-47560.json) (`2023-09-20T08:15:10.787`)
+* [CVE-2022-47561](CVE-2022/CVE-2022-475xx/CVE-2022-47561.json) (`2023-09-20T08:15:15.380`)
+* [CVE-2022-47562](CVE-2022/CVE-2022-475xx/CVE-2022-47562.json) (`2023-09-20T08:15:15.937`)
+* [CVE-2023-22644](CVE-2023/CVE-2023-226xx/CVE-2023-22644.json) (`2023-09-20T09:15:12.837`)
+* [CVE-2023-41374](CVE-2023/CVE-2023-413xx/CVE-2023-41374.json) (`2023-09-20T09:15:16.827`)
+* [CVE-2023-41375](CVE-2023/CVE-2023-413xx/CVE-2023-41375.json) (`2023-09-20T09:15:17.357`)


 ### CVEs modified in the last Commit