Auto-Update: 2023-07-24T16:00:27.830969+00:00

2025-07-09 16:05:11 +00:00 · 2023-07-24 16:00:31 +00:00 · 2023-07-24 16:00:31 +00:00 · 85f7e03116
commit 85f7e03116
parent 84ea2c231f
7 changed files with 182 additions and 30 deletions
--- a/CVE-2022/CVE-2022-288xx/CVE-2022-28863.json
+++ b/CVE-2022/CVE-2022-288xx/CVE-2022-28863.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2022-28863",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-07-24T14:15:10.040",
+  "lastModified": "2023-07-24T14:15:10.040",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in Nokia NetAct 22. A remote user, authenticated to the website, can visit the Site Configuration Tool section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://www.gruppotim.it/it/footer/red-team.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-288xx/CVE-2022-28864.json
+++ b/CVE-2022/CVE-2022-288xx/CVE-2022-28864.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2022-28864",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-07-24T14:15:10.103",
+  "lastModified": "2023-07-24T14:15:10.103",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the /aom/html/EditTemplate.jsf and /aom/html/ViewAllTemplatesPage.jsf templateName parameter is used."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://www.gruppotim.it/it/footer/red-team.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-288xx/CVE-2022-28865.json
+++ b/CVE-2022/CVE-2022-288xx/CVE-2022-28865.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2022-28865",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-07-24T14:15:10.157",
+  "lastModified": "2023-07-24T14:15:10.157",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://www.gruppotim.it/it/footer/red-team.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-288xx/CVE-2022-28867.json
+++ b/CVE-2022/CVE-2022-288xx/CVE-2022-28867.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2022-28867",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-07-24T14:15:10.210",
+  "lastModified": "2023-07-24T14:15:10.210",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /aom/html/EditTemplate.jsf and /aom/html/ViewAllTemplatesPage.jsf templateName parameter is used."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://www.gruppotim.it/it/footer/red-team.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2022/CVE-2022-302xx/CVE-2022-30280.json
+++ b/CVE-2022/CVE-2022-302xx/CVE-2022-30280.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2022-30280",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-07-24T14:15:10.267",
+  "lastModified": "2023-07-24T14:15:10.267",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "/SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF. A remote attacker is able to create users with arbitrary privileges, even administrative privileges. The application (even if it implements a CSRF token for the random GET request) does not ever verify a CSRF token. With a little help of social engineering/phishing (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://www.gruppotim.it/it/footer/red-team.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-38xx/CVE-2023-3863.json
+++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3863.json
@ -0,0 +1,51 @@
+{
+  "id": "CVE-2023-3863",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2023-07-24T15:15:09.397",
+  "lastModified": "2023-07-24T15:15:09.397",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "secalert@redhat.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 0.5,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://access.redhat.com/security/cve/CVE-2023-3863",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225126",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://github.com/torvalds/linux/commit/6709d4b7bc2e079241fdef15d1160581c5261c10",
+      "source": "secalert@redhat.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-07-24T14:00:35.425141+00:00
+2023-07-24T16:00:27.830969+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-07-24T13:54:40.380000+00:00
+2023-07-24T15:15:09.397000+00:00
 ```

 ### Last Data Feed Release
@ -29,44 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-220896
+220902
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `0`
+Recently added CVEs: `6`

+* [CVE-2022-28863](CVE-2022/CVE-2022-288xx/CVE-2022-28863.json) (`2023-07-24T14:15:10.040`)
+* [CVE-2022-28864](CVE-2022/CVE-2022-288xx/CVE-2022-28864.json) (`2023-07-24T14:15:10.103`)
+* [CVE-2022-28865](CVE-2022/CVE-2022-288xx/CVE-2022-28865.json) (`2023-07-24T14:15:10.157`)
+* [CVE-2022-28867](CVE-2022/CVE-2022-288xx/CVE-2022-28867.json) (`2023-07-24T14:15:10.210`)
+* [CVE-2022-30280](CVE-2022/CVE-2022-302xx/CVE-2022-30280.json) (`2023-07-24T14:15:10.267`)
+* [CVE-2023-3863](CVE-2023/CVE-2023-38xx/CVE-2023-3863.json) (`2023-07-24T15:15:09.397`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `226`
+Recently modified CVEs: `0`

-* [CVE-2023-3847](CVE-2023/CVE-2023-38xx/CVE-2023-3847.json) (`2023-07-24T13:09:06.887`)
-* [CVE-2023-3848](CVE-2023/CVE-2023-38xx/CVE-2023-3848.json) (`2023-07-24T13:09:06.887`)
-* [CVE-2023-3849](CVE-2023/CVE-2023-38xx/CVE-2023-3849.json) (`2023-07-24T13:09:06.887`)
-* [CVE-2023-28133](CVE-2023/CVE-2023-281xx/CVE-2023-28133.json) (`2023-07-24T13:09:06.887`)
-* [CVE-2023-3850](CVE-2023/CVE-2023-38xx/CVE-2023-3850.json) (`2023-07-24T13:09:06.887`)
-* [CVE-2023-3852](CVE-2023/CVE-2023-38xx/CVE-2023-3852.json) (`2023-07-24T13:09:06.887`)
-* [CVE-2023-3853](CVE-2023/CVE-2023-38xx/CVE-2023-3853.json) (`2023-07-24T13:09:06.887`)
-* [CVE-2023-3854](CVE-2023/CVE-2023-38xx/CVE-2023-3854.json) (`2023-07-24T13:09:06.887`)
-* [CVE-2023-3855](CVE-2023/CVE-2023-38xx/CVE-2023-3855.json) (`2023-07-24T13:09:06.887`)
-* [CVE-2023-3856](CVE-2023/CVE-2023-38xx/CVE-2023-3856.json) (`2023-07-24T13:09:06.887`)
-* [CVE-2023-3857](CVE-2023/CVE-2023-38xx/CVE-2023-3857.json) (`2023-07-24T13:09:06.887`)
-* [CVE-2023-3858](CVE-2023/CVE-2023-38xx/CVE-2023-3858.json) (`2023-07-24T13:09:06.887`)
-* [CVE-2023-3859](CVE-2023/CVE-2023-38xx/CVE-2023-3859.json) (`2023-07-24T13:09:06.887`)
-* [CVE-2023-3860](CVE-2023/CVE-2023-38xx/CVE-2023-3860.json) (`2023-07-24T13:09:06.887`)
-* [CVE-2023-3861](CVE-2023/CVE-2023-38xx/CVE-2023-3861.json) (`2023-07-24T13:09:06.887`)
-* [CVE-2023-3862](CVE-2023/CVE-2023-38xx/CVE-2023-3862.json) (`2023-07-24T13:09:06.887`)
-* [CVE-2023-38056](CVE-2023/CVE-2023-380xx/CVE-2023-38056.json) (`2023-07-24T13:09:06.887`)
-* [CVE-2023-38057](CVE-2023/CVE-2023-380xx/CVE-2023-38057.json) (`2023-07-24T13:09:06.887`)
-* [CVE-2023-38058](CVE-2023/CVE-2023-380xx/CVE-2023-38058.json) (`2023-07-24T13:09:06.887`)
-* [CVE-2023-38060](CVE-2023/CVE-2023-380xx/CVE-2023-38060.json) (`2023-07-24T13:09:06.887`)
-* [CVE-2023-2309](CVE-2023/CVE-2023-23xx/CVE-2023-2309.json) (`2023-07-24T13:09:06.887`)
-* [CVE-2023-2761](CVE-2023/CVE-2023-27xx/CVE-2023-2761.json) (`2023-07-24T13:09:06.887`)
-* [CVE-2023-3248](CVE-2023/CVE-2023-32xx/CVE-2023-3248.json) (`2023-07-24T13:09:06.887`)
-* [CVE-2023-3344](CVE-2023/CVE-2023-33xx/CVE-2023-3344.json) (`2023-07-24T13:09:06.887`)
-* [CVE-2023-3417](CVE-2023/CVE-2023-34xx/CVE-2023-3417.json) (`2023-07-24T13:09:06.887`)


 ## Download and Usage