Auto-Update: 2023-12-15T00:55:25.523754+00:00

2025-07-09 16:05:11 +00:00 · 2023-12-15 00:55:29 +00:00 · 2023-12-15 00:55:29 +00:00 · 91d883f597
commit 91d883f597
parent a462fe7244
4 changed files with 94 additions and 50 deletions
--- a/CVE-2023/CVE-2023-44xx/CVE-2023-4489.json
+++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4489.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-4489",
+  "sourceIdentifier": "product-security@silabs.com",
+  "published": "2023-12-14T23:15:07.400",
+  "lastModified": "2023-12-14T23:15:07.400",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\n\n\nThe first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. This makes the first S0 key generated at startup predictable, potentially allowing network key prediction and unauthorized S0 network access.\n\n \n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "product-security@silabs.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "PHYSICAL",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 0.5,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "product-security@silabs.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-908"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/SiliconLabs/gecko_sdk",
+      "source": "product-security@silabs.com"
+    },
+    {
+      "url": "https://siliconlabs.lightning.force.com/sfc/servlet.shepherd/document/download/0698Y00000buWj0QAE?operationContext=S1",
+      "source": "product-security@silabs.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-480xx/CVE-2023-48049.json
+++ b/CVE-2023/CVE-2023-480xx/CVE-2023-48049.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-48049",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-12-15T00:15:42.600",
+  "lastModified": "2023-12-15T00:15:42.600",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search (aka website_search_blog) v. 13.0 through 13.0.1.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the name parameter in controllers/main.py component."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/luvsn/OdZoo/tree/main/exploits/website_search_blog",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-490xx/CVE-2023-49092.json
+++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49092.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-49092",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2023-11-28T21:15:08.530",
-  "lastModified": "2023-12-06T18:47:43.140",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-12-14T23:15:07.050",
+  "vulnStatus": "Undergoing Analysis",
  "descriptions": [
    {
      "lang": "en",
@ -41,20 +41,20 @@
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
-          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
-          "integrityImpact": "HIGH",
+          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
-          "baseScore": 7.4,
-          "baseSeverity": "HIGH"
+          "baseScore": 5.9,
+          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.2,
-        "impactScore": 5.2
+        "impactScore": 3.6
      }
    ]
  },
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-12-14T23:00:25.007264+00:00
+2023-12-15T00:55:25.523754+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-12-14T22:57:56.553000+00:00
+2023-12-15T00:15:42.600000+00:00
 ```

 ### Last Data Feed Release
@ -29,57 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-233235
+233237
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `14`
+Recently added CVEs: `2`

-* [CVE-2023-0248](CVE-2023/CVE-2023-02xx/CVE-2023-0248.json) (`2023-12-14T21:15:07.553`)
-* [CVE-2023-49342](CVE-2023/CVE-2023-493xx/CVE-2023-49342.json) (`2023-12-14T22:15:42.813`)
-* [CVE-2023-49343](CVE-2023/CVE-2023-493xx/CVE-2023-49343.json) (`2023-12-14T22:15:43.027`)
-* [CVE-2023-49344](CVE-2023/CVE-2023-493xx/CVE-2023-49344.json) (`2023-12-14T22:15:43.220`)
-* [CVE-2023-49345](CVE-2023/CVE-2023-493xx/CVE-2023-49345.json) (`2023-12-14T22:15:43.407`)
-* [CVE-2023-49346](CVE-2023/CVE-2023-493xx/CVE-2023-49346.json) (`2023-12-14T22:15:43.603`)
-* [CVE-2023-49347](CVE-2023/CVE-2023-493xx/CVE-2023-49347.json) (`2023-12-14T22:15:43.787`)
-* [CVE-2023-6134](CVE-2023/CVE-2023-61xx/CVE-2023-6134.json) (`2023-12-14T22:15:44.087`)
-* [CVE-2023-6702](CVE-2023/CVE-2023-67xx/CVE-2023-6702.json) (`2023-12-14T22:15:44.387`)
-* [CVE-2023-6703](CVE-2023/CVE-2023-67xx/CVE-2023-6703.json) (`2023-12-14T22:15:44.437`)
-* [CVE-2023-6704](CVE-2023/CVE-2023-67xx/CVE-2023-6704.json) (`2023-12-14T22:15:44.487`)
-* [CVE-2023-6705](CVE-2023/CVE-2023-67xx/CVE-2023-6705.json) (`2023-12-14T22:15:44.533`)
-* [CVE-2023-6706](CVE-2023/CVE-2023-67xx/CVE-2023-6706.json) (`2023-12-14T22:15:44.587`)
-* [CVE-2023-6707](CVE-2023/CVE-2023-67xx/CVE-2023-6707.json) (`2023-12-14T22:15:44.637`)
+* [CVE-2023-4489](CVE-2023/CVE-2023-44xx/CVE-2023-4489.json) (`2023-12-14T23:15:07.400`)
+* [CVE-2023-48049](CVE-2023/CVE-2023-480xx/CVE-2023-48049.json) (`2023-12-15T00:15:42.600`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `24`
+Recently modified CVEs: `1`

-* [CVE-2022-1049](CVE-2022/CVE-2022-10xx/CVE-2022-1049.json) (`2023-12-14T21:40:19.627`)
-* [CVE-2023-49089](CVE-2023/CVE-2023-490xx/CVE-2023-49089.json) (`2023-12-14T21:00:33.137`)
-* [CVE-2023-43364](CVE-2023/CVE-2023-433xx/CVE-2023-43364.json) (`2023-12-14T21:15:15.067`)
-* [CVE-2023-49274](CVE-2023/CVE-2023-492xx/CVE-2023-49274.json) (`2023-12-14T21:19:39.513`)
-* [CVE-2023-35624](CVE-2023/CVE-2023-356xx/CVE-2023-35624.json) (`2023-12-14T21:27:05.323`)
-* [CVE-2023-35622](CVE-2023/CVE-2023-356xx/CVE-2023-35622.json) (`2023-12-14T21:27:48.973`)
-* [CVE-2023-35625](CVE-2023/CVE-2023-356xx/CVE-2023-35625.json) (`2023-12-14T21:36:00.040`)
-* [CVE-2023-35638](CVE-2023/CVE-2023-356xx/CVE-2023-35638.json) (`2023-12-14T21:37:52.933`)
-* [CVE-2023-36020](CVE-2023/CVE-2023-360xx/CVE-2023-36020.json) (`2023-12-14T21:38:39.890`)
-* [CVE-2023-36391](CVE-2023/CVE-2023-363xx/CVE-2023-36391.json) (`2023-12-14T21:39:22.057`)
-* [CVE-2023-4886](CVE-2023/CVE-2023-48xx/CVE-2023-4886.json) (`2023-12-14T22:15:43.967`)
-* [CVE-2023-6563](CVE-2023/CVE-2023-65xx/CVE-2023-6563.json) (`2023-12-14T22:15:44.303`)
-* [CVE-2023-37457](CVE-2023/CVE-2023-374xx/CVE-2023-37457.json) (`2023-12-14T22:44:49.057`)
-* [CVE-2023-45894](CVE-2023/CVE-2023-458xx/CVE-2023-45894.json) (`2023-12-14T22:44:49.057`)
-* [CVE-2023-49294](CVE-2023/CVE-2023-492xx/CVE-2023-49294.json) (`2023-12-14T22:44:49.057`)
-* [CVE-2023-49786](CVE-2023/CVE-2023-497xx/CVE-2023-49786.json) (`2023-12-14T22:44:49.057`)
-* [CVE-2023-50471](CVE-2023/CVE-2023-504xx/CVE-2023-50471.json) (`2023-12-14T22:44:49.057`)
-* [CVE-2023-50472](CVE-2023/CVE-2023-504xx/CVE-2023-50472.json) (`2023-12-14T22:44:49.057`)
-* [CVE-2023-46456](CVE-2023/CVE-2023-464xx/CVE-2023-46456.json) (`2023-12-14T22:49:19.163`)
-* [CVE-2023-47077](CVE-2023/CVE-2023-470xx/CVE-2023-47077.json) (`2023-12-14T22:57:10.713`)
-* [CVE-2023-47076](CVE-2023/CVE-2023-470xx/CVE-2023-47076.json) (`2023-12-14T22:57:27.203`)
-* [CVE-2023-47075](CVE-2023/CVE-2023-470xx/CVE-2023-47075.json) (`2023-12-14T22:57:35.057`)
-* [CVE-2023-47074](CVE-2023/CVE-2023-470xx/CVE-2023-47074.json) (`2023-12-14T22:57:48.280`)
-* [CVE-2023-47063](CVE-2023/CVE-2023-470xx/CVE-2023-47063.json) (`2023-12-14T22:57:56.553`)
+* [CVE-2023-49092](CVE-2023/CVE-2023-490xx/CVE-2023-49092.json) (`2023-12-14T23:15:07.050`)


 ## Download and Usage