From 9036dc0fd5981e78fd4ddc68a0b74d0f3917bbbe Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Mon, 31 Jul 2023 06:00:37 +0000 Subject: [PATCH] Auto-Update: 2023-07-31T06:00:34.119307+00:00 --- CVE-2023/CVE-2023-343xx/CVE-2023-34358.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-343xx/CVE-2023-34359.json | 55 +++++++++++++++++++++ CVE-2023/CVE-2023-34xx/CVE-2023-3417.json | 6 ++- README.md | 16 +++--- 4 files changed, 123 insertions(+), 9 deletions(-) create mode 100644 CVE-2023/CVE-2023-343xx/CVE-2023-34358.json create mode 100644 CVE-2023/CVE-2023-343xx/CVE-2023-34359.json diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34358.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34358.json new file mode 100644 index 00000000000..94c8701a0cf --- /dev/null +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34358.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-34358", + "sourceIdentifier": "twcert@cert.org.tw", + "published": "2023-07-31T05:15:09.600", + "lastModified": "2023-07-31T05:15:09.600", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to a device which contains a specific user agent, causing the httpd binary to crash during a string comparison performed within web.c, resulting in a DoS condition." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://www.twcert.org.tw/tw/cp-132-7279-05760-1.html", + "source": "twcert@cert.org.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34359.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34359.json new file mode 100644 index 00000000000..2f87fd63233 --- /dev/null +++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34359.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-34359", + "sourceIdentifier": "twcert@cert.org.tw", + "published": "2023-07-31T05:15:09.813", + "lastModified": "2023-07-31T05:15:09.813", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to the device which causes the httpd binary to crash within the \"do_json_decode()\" function of ej.c, resulting in a DoS condition." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://www.twcert.org.tw/tw/cp-132-7280-bea85-1.html", + "source": "twcert@cert.org.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-34xx/CVE-2023-3417.json b/CVE-2023/CVE-2023-34xx/CVE-2023-3417.json index 24628657ac3..cff19dbc1e2 100644 --- a/CVE-2023/CVE-2023-34xx/CVE-2023-3417.json +++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3417.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3417", "sourceIdentifier": "security@mozilla.org", "published": "2023-07-24T11:15:09.953", - "lastModified": "2023-07-28T14:15:10.737", + "lastModified": "2023-07-31T04:15:09.987", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -16,6 +16,10 @@ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1835582", "source": "security@mozilla.org" }, + { + "url": "https://www.debian.org/security/2023/dsa-5463", + "source": "security@mozilla.org" + }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-27/", "source": "security@mozilla.org" diff --git a/README.md b/README.md index 807239ed180..c402876e45c 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-07-31T04:00:26.572546+00:00 +2023-07-31T06:00:34.119307+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-07-31T02:15:09.893000+00:00 +2023-07-31T05:15:09.813000+00:00 ``` ### Last Data Feed Release @@ -29,22 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -221291 +221293 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `2` -* [CVE-2020-4868](CVE-2020/CVE-2020-48xx/CVE-2020-4868.json) (`2023-07-31T02:15:09.673`) -* [CVE-2023-22595](CVE-2023/CVE-2023-225xx/CVE-2023-22595.json) (`2023-07-31T02:15:09.803`) -* [CVE-2023-24971](CVE-2023/CVE-2023-249xx/CVE-2023-24971.json) (`2023-07-31T02:15:09.893`) +* [CVE-2023-34358](CVE-2023/CVE-2023-343xx/CVE-2023-34358.json) (`2023-07-31T05:15:09.600`) +* [CVE-2023-34359](CVE-2023/CVE-2023-343xx/CVE-2023-34359.json) (`2023-07-31T05:15:09.813`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +* [CVE-2023-3417](CVE-2023/CVE-2023-34xx/CVE-2023-3417.json) (`2023-07-31T04:15:09.987`) ## Download and Usage