From 85f7e03116725116d66cce845d28efbbfdc10ea6 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Mon, 24 Jul 2023 16:00:31 +0000 Subject: [PATCH] Auto-Update: 2023-07-24T16:00:27.830969+00:00 --- CVE-2022/CVE-2022-288xx/CVE-2022-28863.json | 24 ++++++++++ CVE-2022/CVE-2022-288xx/CVE-2022-28864.json | 24 ++++++++++ CVE-2022/CVE-2022-288xx/CVE-2022-28865.json | 24 ++++++++++ CVE-2022/CVE-2022-288xx/CVE-2022-28867.json | 24 ++++++++++ CVE-2022/CVE-2022-302xx/CVE-2022-30280.json | 24 ++++++++++ CVE-2023/CVE-2023-38xx/CVE-2023-3863.json | 51 +++++++++++++++++++++ README.md | 41 +++++------------ 7 files changed, 182 insertions(+), 30 deletions(-) create mode 100644 CVE-2022/CVE-2022-288xx/CVE-2022-28863.json create mode 100644 CVE-2022/CVE-2022-288xx/CVE-2022-28864.json create mode 100644 CVE-2022/CVE-2022-288xx/CVE-2022-28865.json create mode 100644 CVE-2022/CVE-2022-288xx/CVE-2022-28867.json create mode 100644 CVE-2022/CVE-2022-302xx/CVE-2022-30280.json create mode 100644 CVE-2023/CVE-2023-38xx/CVE-2023-3863.json diff --git a/CVE-2022/CVE-2022-288xx/CVE-2022-28863.json b/CVE-2022/CVE-2022-288xx/CVE-2022-28863.json new file mode 100644 index 00000000000..be83e6dd5aa --- /dev/null +++ b/CVE-2022/CVE-2022-288xx/CVE-2022-28863.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2022-28863", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-24T14:15:10.040", + "lastModified": "2023-07-24T14:15:10.040", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in Nokia NetAct 22. A remote user, authenticated to the website, can visit the Site Configuration Tool section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.gruppotim.it/it/footer/red-team.html", + "source": "cve@mitre.org" + }, + { + "url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-288xx/CVE-2022-28864.json b/CVE-2022/CVE-2022-288xx/CVE-2022-28864.json new file mode 100644 index 00000000000..c753079aeff --- /dev/null +++ b/CVE-2022/CVE-2022-288xx/CVE-2022-28864.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2022-28864", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-24T14:15:10.103", + "lastModified": "2023-07-24T14:15:10.103", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the /aom/html/EditTemplate.jsf and /aom/html/ViewAllTemplatesPage.jsf templateName parameter is used." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.gruppotim.it/it/footer/red-team.html", + "source": "cve@mitre.org" + }, + { + "url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-288xx/CVE-2022-28865.json b/CVE-2022/CVE-2022-288xx/CVE-2022-28865.json new file mode 100644 index 00000000000..3466c56daa3 --- /dev/null +++ b/CVE-2022/CVE-2022-288xx/CVE-2022-28865.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2022-28865", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-24T14:15:10.157", + "lastModified": "2023-07-24T14:15:10.157", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.gruppotim.it/it/footer/red-team.html", + "source": "cve@mitre.org" + }, + { + "url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-288xx/CVE-2022-28867.json b/CVE-2022/CVE-2022-288xx/CVE-2022-28867.json new file mode 100644 index 00000000000..d91c6fbdb61 --- /dev/null +++ b/CVE-2022/CVE-2022-288xx/CVE-2022-28867.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2022-28867", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-24T14:15:10.210", + "lastModified": "2023-07-24T14:15:10.210", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /aom/html/EditTemplate.jsf and /aom/html/ViewAllTemplatesPage.jsf templateName parameter is used." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.gruppotim.it/it/footer/red-team.html", + "source": "cve@mitre.org" + }, + { + "url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-302xx/CVE-2022-30280.json b/CVE-2022/CVE-2022-302xx/CVE-2022-30280.json new file mode 100644 index 00000000000..a10e2e19931 --- /dev/null +++ b/CVE-2022/CVE-2022-302xx/CVE-2022-30280.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2022-30280", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-07-24T14:15:10.267", + "lastModified": "2023-07-24T14:15:10.267", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "/SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF. A remote attacker is able to create users with arbitrary privileges, even administrative privileges. The application (even if it implements a CSRF token for the random GET request) does not ever verify a CSRF token. With a little help of social engineering/phishing (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.gruppotim.it/it/footer/red-team.html", + "source": "cve@mitre.org" + }, + { + "url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3863.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3863.json new file mode 100644 index 00000000000..c6d29823e38 --- /dev/null +++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3863.json @@ -0,0 +1,51 @@ +{ + "id": "CVE-2023-3863", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-07-24T15:15:09.397", + "lastModified": "2023-07-24T15:15:09.397", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.5, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-3863", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2225126", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/torvalds/linux/commit/6709d4b7bc2e079241fdef15d1160581c5261c10", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 59141c19fb8..b8526f37f00 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-24T14:00:35.425141+00:00 +2023-07-24T16:00:27.830969+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-24T13:54:40.380000+00:00 +2023-07-24T15:15:09.397000+00:00 ``` ### Last Data Feed Release @@ -29,44 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -220896 +220902 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `6` +* [CVE-2022-28863](CVE-2022/CVE-2022-288xx/CVE-2022-28863.json) (`2023-07-24T14:15:10.040`) +* [CVE-2022-28864](CVE-2022/CVE-2022-288xx/CVE-2022-28864.json) (`2023-07-24T14:15:10.103`) +* [CVE-2022-28865](CVE-2022/CVE-2022-288xx/CVE-2022-28865.json) (`2023-07-24T14:15:10.157`) +* [CVE-2022-28867](CVE-2022/CVE-2022-288xx/CVE-2022-28867.json) (`2023-07-24T14:15:10.210`) +* [CVE-2022-30280](CVE-2022/CVE-2022-302xx/CVE-2022-30280.json) (`2023-07-24T14:15:10.267`) +* [CVE-2023-3863](CVE-2023/CVE-2023-38xx/CVE-2023-3863.json) (`2023-07-24T15:15:09.397`) ### CVEs modified in the last Commit -Recently modified CVEs: `226` +Recently modified CVEs: `0` -* [CVE-2023-3847](CVE-2023/CVE-2023-38xx/CVE-2023-3847.json) (`2023-07-24T13:09:06.887`) -* [CVE-2023-3848](CVE-2023/CVE-2023-38xx/CVE-2023-3848.json) (`2023-07-24T13:09:06.887`) -* [CVE-2023-3849](CVE-2023/CVE-2023-38xx/CVE-2023-3849.json) (`2023-07-24T13:09:06.887`) -* [CVE-2023-28133](CVE-2023/CVE-2023-281xx/CVE-2023-28133.json) (`2023-07-24T13:09:06.887`) -* [CVE-2023-3850](CVE-2023/CVE-2023-38xx/CVE-2023-3850.json) (`2023-07-24T13:09:06.887`) -* [CVE-2023-3852](CVE-2023/CVE-2023-38xx/CVE-2023-3852.json) (`2023-07-24T13:09:06.887`) -* [CVE-2023-3853](CVE-2023/CVE-2023-38xx/CVE-2023-3853.json) (`2023-07-24T13:09:06.887`) -* [CVE-2023-3854](CVE-2023/CVE-2023-38xx/CVE-2023-3854.json) (`2023-07-24T13:09:06.887`) -* [CVE-2023-3855](CVE-2023/CVE-2023-38xx/CVE-2023-3855.json) (`2023-07-24T13:09:06.887`) -* [CVE-2023-3856](CVE-2023/CVE-2023-38xx/CVE-2023-3856.json) (`2023-07-24T13:09:06.887`) -* [CVE-2023-3857](CVE-2023/CVE-2023-38xx/CVE-2023-3857.json) (`2023-07-24T13:09:06.887`) -* [CVE-2023-3858](CVE-2023/CVE-2023-38xx/CVE-2023-3858.json) (`2023-07-24T13:09:06.887`) -* [CVE-2023-3859](CVE-2023/CVE-2023-38xx/CVE-2023-3859.json) (`2023-07-24T13:09:06.887`) -* [CVE-2023-3860](CVE-2023/CVE-2023-38xx/CVE-2023-3860.json) (`2023-07-24T13:09:06.887`) -* [CVE-2023-3861](CVE-2023/CVE-2023-38xx/CVE-2023-3861.json) (`2023-07-24T13:09:06.887`) -* [CVE-2023-3862](CVE-2023/CVE-2023-38xx/CVE-2023-3862.json) (`2023-07-24T13:09:06.887`) -* [CVE-2023-38056](CVE-2023/CVE-2023-380xx/CVE-2023-38056.json) (`2023-07-24T13:09:06.887`) -* [CVE-2023-38057](CVE-2023/CVE-2023-380xx/CVE-2023-38057.json) (`2023-07-24T13:09:06.887`) -* [CVE-2023-38058](CVE-2023/CVE-2023-380xx/CVE-2023-38058.json) (`2023-07-24T13:09:06.887`) -* [CVE-2023-38060](CVE-2023/CVE-2023-380xx/CVE-2023-38060.json) (`2023-07-24T13:09:06.887`) -* [CVE-2023-2309](CVE-2023/CVE-2023-23xx/CVE-2023-2309.json) (`2023-07-24T13:09:06.887`) -* [CVE-2023-2761](CVE-2023/CVE-2023-27xx/CVE-2023-2761.json) (`2023-07-24T13:09:06.887`) -* [CVE-2023-3248](CVE-2023/CVE-2023-32xx/CVE-2023-3248.json) (`2023-07-24T13:09:06.887`) -* [CVE-2023-3344](CVE-2023/CVE-2023-33xx/CVE-2023-3344.json) (`2023-07-24T13:09:06.887`) -* [CVE-2023-3417](CVE-2023/CVE-2023-34xx/CVE-2023-3417.json) (`2023-07-24T13:09:06.887`) ## Download and Usage