From 78bfde9eab2523d03bad8bd6e2e47ae5082eb57a Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 21 Sep 2023 23:55:28 +0000 Subject: [PATCH] Auto-Update: 2023-09-21T23:55:24.894197+00:00 --- CVE-2022/CVE-2022-301xx/CVE-2022-30114.json | 10 +++- CVE-2023/CVE-2023-416xx/CVE-2023-41614.json | 20 +++++++ CVE-2023/CVE-2023-416xx/CVE-2023-41616.json | 20 +++++++ CVE-2023/CVE-2023-422xx/CVE-2023-42261.json | 20 +++++++ CVE-2023/CVE-2023-431xx/CVE-2023-43128.json | 24 +++++++++ CVE-2023/CVE-2023-45xx/CVE-2023-4504.json | 44 +++++++++++++++ CVE-2023/CVE-2023-48xx/CVE-2023-4853.json | 10 ++-- CVE-2023/CVE-2023-50xx/CVE-2023-5068.json | 59 +++++++++++++++++++++ README.md | 29 +++++----- 9 files changed, 216 insertions(+), 20 deletions(-) create mode 100644 CVE-2023/CVE-2023-416xx/CVE-2023-41614.json create mode 100644 CVE-2023/CVE-2023-416xx/CVE-2023-41616.json create mode 100644 CVE-2023/CVE-2023-422xx/CVE-2023-42261.json create mode 100644 CVE-2023/CVE-2023-431xx/CVE-2023-43128.json create mode 100644 CVE-2023/CVE-2023-45xx/CVE-2023-4504.json create mode 100644 CVE-2023/CVE-2023-50xx/CVE-2023-5068.json diff --git a/CVE-2022/CVE-2022-301xx/CVE-2022-30114.json b/CVE-2022/CVE-2022-301xx/CVE-2022-30114.json index 724248bba4f..1c24ebe7271 100644 --- a/CVE-2022/CVE-2022-301xx/CVE-2022-30114.json +++ b/CVE-2022/CVE-2022-301xx/CVE-2022-30114.json @@ -2,12 +2,16 @@ "id": "CVE-2022-30114", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-19T12:15:09.340", - "lastModified": "2023-09-20T15:15:11.437", + "lastModified": "2023-09-21T22:15:09.740", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482_FW_230_FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462_FW_261_DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS." + }, + { + "lang": "es", + "value": "Un desbordamiento de b\u00fafer en un servicio de red en Fastweb FASTGate MediaAccess FGA2130FWB, versi\u00f3n de firmware 18.3.n.0482_FW_230_FGA2130 y DGA4131FWB, versi\u00f3n de firmware hasta 18.3.n.0462_FW_261_DGA4131, permite a un atacante remoto reiniciar el dispositivo a trav\u00e9s de una solicitud HTTP manipulada, provocando DoS." } ], "metrics": { @@ -113,6 +117,10 @@ "Technical Description", "Third Party Advisory" ] + }, + { + "url": "https://www.fastweb.it/myfastweb/assistenza/guide/FASTGate/", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41614.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41614.json new file mode 100644 index 00000000000..22760541ba9 --- /dev/null +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41614.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-41614", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-21T23:15:09.947", + "lastModified": "2023-09-21T23:15:09.947", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description of Animal parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://medium.com/@guravtushar231/stored-xss-in-admin-panel-a38d1feb9ec4", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41616.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41616.json new file mode 100644 index 00000000000..78b230368ac --- /dev/null +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41616.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-41616", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-21T23:15:11.737", + "lastModified": "2023-09-21T23:15:11.737", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A reflected cross-site scripting (XSS) vulnerability in the Search Student function of Student Management System v1.2.3 and before allows attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://medium.com/@guravtushar231/reflected-xss-in-admin-panel-7a459dcb9476", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-422xx/CVE-2023-42261.json b/CVE-2023/CVE-2023-422xx/CVE-2023-42261.json new file mode 100644 index 00000000000..8ab43c6ff6f --- /dev/null +++ b/CVE-2023/CVE-2023-422xx/CVE-2023-42261.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-42261", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-21T22:15:11.823", + "lastModified": "2023-09-21T22:15:11.823", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/woshinibaba222/hack16/blob/main/Unauthorized%20Access%20to%20MobSF.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-431xx/CVE-2023-43128.json b/CVE-2023/CVE-2023-431xx/CVE-2023-43128.json new file mode 100644 index 00000000000..a8354b10bcd --- /dev/null +++ b/CVE-2023/CVE-2023-431xx/CVE-2023-43128.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-43128", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-21T23:15:12.133", + "lastModified": "2023-09-21T23:15:12.133", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of HTTP_ST parameters." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-806", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/mmmmmx1/dlink/blob/main/DIR-806/1/readme.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4504.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4504.json new file mode 100644 index 00000000000..06ef736b7b0 --- /dev/null +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4504.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2023-4504", + "sourceIdentifier": "cve@takeonme.org", + "published": "2023-09-21T23:15:12.293", + "lastModified": "2023-09-21T23:15:12.293", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Due to failure in validating the length provided by an attacker-crafted PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.\n" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "cve@takeonme.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/OpenPrinting/cups/releases/tag/v2.4.7", + "source": "cve@takeonme.org" + }, + { + "url": "https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h", + "source": "cve@takeonme.org" + }, + { + "url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-4f65-6ph5-qwh6", + "source": "cve@takeonme.org" + }, + { + "url": "https://takeonme.org/cves/CVE-2023-4504.html", + "source": "cve@takeonme.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-48xx/CVE-2023-4853.json b/CVE-2023/CVE-2023-48xx/CVE-2023-4853.json index ab124982aa8..34d84ad5b7f 100644 --- a/CVE-2023/CVE-2023-48xx/CVE-2023-4853.json +++ b/CVE-2023/CVE-2023-48xx/CVE-2023-4853.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4853", "sourceIdentifier": "secalert@redhat.com", "published": "2023-09-20T10:15:14.947", - "lastModified": "2023-09-20T10:48:49.100", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-21T22:15:12.180", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", @@ -11,7 +11,7 @@ }, { "lang": "es", - "value": "Se encontr\u00f3 una falla en Quarkus donde las pol\u00edticas de seguridad HTTP no sanitiza correctamente ciertas permutaciones de caracteres al aceptar solicitudes, lo que resulta en una evaluaci\u00f3n incorrecta de los permisos. Este problema podr\u00eda permitir que un atacante eluda la pol\u00edtica de seguridad por completo, lo que resultar\u00eda en un acceso no autorizado al punto final y posiblemente una Denegaci\u00f3n de Servicio." + "value": "Se encontr\u00f3 una falla en Quarkus donde las pol\u00edticas de seguridad HTTP no sanitiza correctamente ciertas permutaciones de caracteres al aceptar solicitudes, lo que resulta en una evaluaci\u00f3n incorrecta de los permisos. Este problema podr\u00eda permitir que un atacante eluda la pol\u00edtica de seguridad por completo, lo que resultar\u00eda en un acceso no autorizado al endpoint y posiblemente una Denegaci\u00f3n de Servicio." } ], "metrics": { @@ -47,6 +47,10 @@ "url": "https://access.redhat.com/errata/RHSA-2023:5310", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2023:5337", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-4853", "source": "secalert@redhat.com" diff --git a/CVE-2023/CVE-2023-50xx/CVE-2023-5068.json b/CVE-2023/CVE-2023-50xx/CVE-2023-5068.json new file mode 100644 index 00000000000..e0c7cc1ff69 --- /dev/null +++ b/CVE-2023/CVE-2023-50xx/CVE-2023-5068.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-5068", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2023-09-21T23:15:13.497", + "lastModified": "2023-09-21T23:15:13.497", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Delta Electronics DIAScreen may write past the end of an allocated \nbuffer while parsing a specially crafted input file. This could allow an\n attacker to execute code in the context of the current process.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://diastudio.deltaww.com/home/downloads?sec=download#catalog", + "source": "ics-cert@hq.dhs.gov" + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-264-03", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index aba2cffcc19..8df9225186b 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-21T22:00:24.060387+00:00 +2023-09-21T23:55:24.894197+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-21T21:15:10.877000+00:00 +2023-09-21T23:15:13.497000+00:00 ``` ### Last Data Feed Release @@ -29,30 +29,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -226015 +226021 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `6` -* [CVE-2023-34576](CVE-2023/CVE-2023-345xx/CVE-2023-34576.json) (`2023-09-21T20:15:10.133`) -* [CVE-2023-42482](CVE-2023/CVE-2023-424xx/CVE-2023-42482.json) (`2023-09-21T20:15:10.550`) -* [CVE-2023-38343](CVE-2023/CVE-2023-383xx/CVE-2023-38343.json) (`2023-09-21T21:15:09.747`) -* [CVE-2023-38344](CVE-2023/CVE-2023-383xx/CVE-2023-38344.json) (`2023-09-21T21:15:10.877`) +* [CVE-2023-42261](CVE-2023/CVE-2023-422xx/CVE-2023-42261.json) (`2023-09-21T22:15:11.823`) +* [CVE-2023-41614](CVE-2023/CVE-2023-416xx/CVE-2023-41614.json) (`2023-09-21T23:15:09.947`) +* [CVE-2023-41616](CVE-2023/CVE-2023-416xx/CVE-2023-41616.json) (`2023-09-21T23:15:11.737`) +* [CVE-2023-43128](CVE-2023/CVE-2023-431xx/CVE-2023-43128.json) (`2023-09-21T23:15:12.133`) +* [CVE-2023-4504](CVE-2023/CVE-2023-45xx/CVE-2023-4504.json) (`2023-09-21T23:15:12.293`) +* [CVE-2023-5068](CVE-2023/CVE-2023-50xx/CVE-2023-5068.json) (`2023-09-21T23:15:13.497`) ### CVEs modified in the last Commit -Recently modified CVEs: `7` +Recently modified CVEs: `2` -* [CVE-2020-35357](CVE-2020/CVE-2020-353xx/CVE-2020-35357.json) (`2023-09-21T20:15:09.787`) -* [CVE-2023-42793](CVE-2023/CVE-2023-427xx/CVE-2023-42793.json) (`2023-09-21T20:01:37.220`) -* [CVE-2023-43566](CVE-2023/CVE-2023-435xx/CVE-2023-43566.json) (`2023-09-21T20:01:48.277`) -* [CVE-2023-43373](CVE-2023/CVE-2023-433xx/CVE-2023-43373.json) (`2023-09-21T20:02:17.167`) -* [CVE-2023-43374](CVE-2023/CVE-2023-433xx/CVE-2023-43374.json) (`2023-09-21T20:03:01.670`) -* [CVE-2023-41991](CVE-2023/CVE-2023-419xx/CVE-2023-41991.json) (`2023-09-21T20:15:10.343`) -* [CVE-2023-41992](CVE-2023/CVE-2023-419xx/CVE-2023-41992.json) (`2023-09-21T20:15:10.467`) +* [CVE-2022-30114](CVE-2022/CVE-2022-301xx/CVE-2022-30114.json) (`2023-09-21T22:15:09.740`) +* [CVE-2023-4853](CVE-2023/CVE-2023-48xx/CVE-2023-4853.json) (`2023-09-21T22:15:12.180`) ## Download and Usage