Auto-Update: 2023-11-16T09:00:18.215773+00:00

2025-05-08 19:47:09 +00:00 · 2023-11-16 09:00:21 +00:00 · 2023-11-16 09:00:21 +00:00 · 7d8e693fb2
commit 7d8e693fb2
parent b330fa7668
6 changed files with 176 additions and 8 deletions
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43752.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43752.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-43752",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2023-11-16T07:15:07.203",
+  "lastModified": "2023-11-16T07:15:07.203",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/vu/JVNVU94119876/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.elecom.co.jp/news/security/20231114-01/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-437xx/CVE-2023-43757.json
+++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43757.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-43757",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2023-11-16T07:15:08.600",
+  "lastModified": "2023-11-16T07:15:08.600",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected products/versions, see the information provided by the vendor under [References] section."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/vu/JVNVU94119876/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.elecom.co.jp/news/security/20210706-01/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.elecom.co.jp/news/security/20230810-01/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.elecom.co.jp/news/security/20231114-01/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-442xx/CVE-2023-44296.json
+++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44296.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-44296",
+  "sourceIdentifier": "security_alert@emc.com",
+  "published": "2023-11-16T08:15:31.300",
+  "lastModified": "2023-11-16T08:15:31.300",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\nDell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability. A local attacker could potentially exploit this vulnerability, leading to unauthorized access to sensitive data. Successful exploitation may result in the compromise of confidential user information.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security_alert@emc.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.4,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.5,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security_alert@emc.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-798"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.dell.com/support/kbdoc/en-us/000219558/dsa-2023-419-security-update-for-mobility-e-lab-navigator-vulnerabilities",
+      "source": "security_alert@emc.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-472xx/CVE-2023-47213.json
+++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47213.json
@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-47213",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2023-11-16T08:15:32.840",
+  "lastModified": "2023-11-16T08:15:32.840",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "First Corporation's DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/vu/JVNVU99077347/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.c-first.co.jp/information/ddososhirase/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.c-first.co.jp/wp/wp-content/uploads/2023/11/tuushin.pdf",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-476xx/CVE-2023-47674.json
+++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47674.json
@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-47674",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2023-11-16T08:15:33.147",
+  "lastModified": "2023-11-16T08:15:33.147",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Missing authentication for critical function vulnerability in First Corporation's DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/vu/JVNVU99077347/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.c-first.co.jp/information/ddososhirase/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.c-first.co.jp/wp/wp-content/uploads/2023/11/tuushin.pdf",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-11-16T07:00:18.873981+00:00
+2023-11-16T09:00:18.215773+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-11-16T06:15:31.923000+00:00
+2023-11-16T08:15:33.147000+00:00
 ```

 ### Last Data Feed Release
@ -29,17 +29,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-230889
+230894
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `4`
+Recently added CVEs: `5`

-* [CVE-2021-35437](CVE-2021/CVE-2021-354xx/CVE-2021-35437.json) (`2023-11-16T05:15:24.303`)
-* [CVE-2023-43275](CVE-2023/CVE-2023-432xx/CVE-2023-43275.json) (`2023-11-16T05:15:29.880`)
-* [CVE-2023-47003](CVE-2023/CVE-2023-470xx/CVE-2023-47003.json) (`2023-11-16T05:15:29.927`)
-* [CVE-2023-47335](CVE-2023/CVE-2023-473xx/CVE-2023-47335.json) (`2023-11-16T06:15:31.923`)
+* [CVE-2023-43752](CVE-2023/CVE-2023-437xx/CVE-2023-43752.json) (`2023-11-16T07:15:07.203`)
+* [CVE-2023-43757](CVE-2023/CVE-2023-437xx/CVE-2023-43757.json) (`2023-11-16T07:15:08.600`)
+* [CVE-2023-44296](CVE-2023/CVE-2023-442xx/CVE-2023-44296.json) (`2023-11-16T08:15:31.300`)
+* [CVE-2023-47213](CVE-2023/CVE-2023-472xx/CVE-2023-47213.json) (`2023-11-16T08:15:32.840`)
+* [CVE-2023-47674](CVE-2023/CVE-2023-476xx/CVE-2023-47674.json) (`2023-11-16T08:15:33.147`)


 ### CVEs modified in the last Commit