From 72d8ddbe1aa386608502d34b34af953a4aa60a32 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Mon, 9 Oct 2023 23:55:28 +0000
Subject: [PATCH] Auto-Update: 2023-10-09T23:55:24.734270+00:00
---
CVE-2023/CVE-2023-436xx/CVE-2023-43641.json | 55 +++++++++++++
CVE-2023/CVE-2023-438xx/CVE-2023-43899.json | 24 ++++++
CVE-2023/CVE-2023-54xx/CVE-2023-5462.json | 88 +++++++++++++++++++++
CVE-2023/CVE-2023-54xx/CVE-2023-5463.json | 88 +++++++++++++++++++++
README.md | 24 ++----
5 files changed, 263 insertions(+), 16 deletions(-)
create mode 100644 CVE-2023/CVE-2023-436xx/CVE-2023-43641.json
create mode 100644 CVE-2023/CVE-2023-438xx/CVE-2023-43899.json
create mode 100644 CVE-2023/CVE-2023-54xx/CVE-2023-5462.json
create mode 100644 CVE-2023/CVE-2023-54xx/CVE-2023-5463.json
diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43641.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43641.json
new file mode 100644
index 00000000000..77e07416dde
--- /dev/null
+++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43641.json
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-43641", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-10-09T22:15:12.707", + "lastModified": "2023-10-09T22:15:12.707", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-438xx/CVE-2023-43899.json b/CVE-2023/CVE-2023-438xx/CVE-2023-43899.json new file mode 100644 index 00000000000..fb2f331bc05 --- /dev/null +++ b/CVE-2023/CVE-2023-438xx/CVE-2023-43899.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-43899", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-09T22:15:12.807", + "lastModified": "2023-10-09T22:15:12.807", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "hansun CMS v1.0 was discovered to contain a SQL injection vulnerability via the component /ajax/ajax_login.ashx." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/len0m0/9cb2e87cb517db297be1b2f110248295", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/len0m0/hansuncmssqli/blob/main/README.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5462.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5462.json new file mode 100644 index 00000000000..60d9bd86d42 --- /dev/null +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5462.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-5462", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-10-09T22:15:12.863", + "lastModified": "2023-10-09T22:15:12.863", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in XINJE XD5E-30R-E 3.5.3b. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Modbus Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-241585 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "COMPLETE", + "baseScore": 6.1 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.5, + "impactScore": 6.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + 
"value": "CWE-404" + } + ] + } + ], + "references": [ + { + "url": "https://drive.google.com/drive/folders/1jik8hRjD8N2IkxOHP5wsJUEya09jCv2n", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.241585", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.241585", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5463.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5463.json new file mode 100644 index 00000000000..7e08ec06444 --- /dev/null +++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5463.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-5463", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-10-09T22:15:12.937", + "lastModified": "2023-10-09T22:15:12.937", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in XINJE XDPPro up to 3.7.17a. It has been rated as critical. Affected by this issue is some unknown functionality in the library cfgmgr32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-241586 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE", + "baseScore": 6.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 3.1, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { 
+ "lang": "en", + "value": "CWE-427" + } + ] + } + ], + "references": [ + { + "url": "https://drive.google.com/drive/folders/1mpRxWOPjxVS980r0qu1IY_Hf0irKO-cu", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.241586", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.241586", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 34b958d4fa1..e79af7ea3a9 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-10-09T22:00:24.883787+00:00 +2023-10-09T23:55:24.734270+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-10-09T21:15:10.273000+00:00 +2023-10-09T22:15:12.937000+00:00 ``` ### Last Data Feed Release 
@@ -29,25 +29,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -227262 +227266 ``` ### CVEs added in the last Commit -Recently added CVEs: `12` +Recently added CVEs: `4` -* [CVE-2022-36228](CVE-2022/CVE-2022-362xx/CVE-2022-36228.json) (`2023-10-09T21:15:09.850`) -* [CVE-2022-3728](CVE-2022/CVE-2022-37xx/CVE-2022-3728.json) (`2023-10-09T21:15:09.910`) -* [CVE-2022-48182](CVE-2022/CVE-2022-481xx/CVE-2022-48182.json) (`2023-10-09T21:15:10.003`) -* [CVE-2022-48183](CVE-2022/CVE-2022-481xx/CVE-2022-48183.json) (`2023-10-09T21:15:10.080`) -* [CVE-2023-44392](CVE-2023/CVE-2023-443xx/CVE-2023-44392.json) (`2023-10-09T20:15:10.393`) -* [CVE-2023-44467](CVE-2023/CVE-2023-444xx/CVE-2023-44467.json) (`2023-10-09T20:15:10.480`) -* [CVE-2023-44811](CVE-2023/CVE-2023-448xx/CVE-2023-44811.json) (`2023-10-09T20:15:10.533`) -* [CVE-2023-44821](CVE-2023/CVE-2023-448xx/CVE-2023-44821.json) (`2023-10-09T20:15:10.583`) -* [CVE-2023-5461](CVE-2023/CVE-2023-54xx/CVE-2023-5461.json) (`2023-10-09T20:15:10.633`) -* [CVE-2023-43271](CVE-2023/CVE-2023-432xx/CVE-2023-43271.json) (`2023-10-09T21:15:10.173`) -* [CVE-2023-44812](CVE-2023/CVE-2023-448xx/CVE-2023-44812.json) (`2023-10-09T21:15:10.227`) -* [CVE-2023-44813](CVE-2023/CVE-2023-448xx/CVE-2023-44813.json) (`2023-10-09T21:15:10.273`) +* [CVE-2023-43641](CVE-2023/CVE-2023-436xx/CVE-2023-43641.json) (`2023-10-09T22:15:12.707`) +* [CVE-2023-43899](CVE-2023/CVE-2023-438xx/CVE-2023-43899.json) (`2023-10-09T22:15:12.807`) +* [CVE-2023-5462](CVE-2023/CVE-2023-54xx/CVE-2023-5462.json) (`2023-10-09T22:15:12.863`) +* [CVE-2023-5463](CVE-2023/CVE-2023-54xx/CVE-2023-5463.json) (`2023-10-09T22:15:12.937`) ### CVEs modified in the last Commit