Auto-Update: 2024-01-03T09:00:24.927629+00:00

2025-05-08 19:47:09 +00:00 · 2024-01-03 09:00:28 +00:00 · 2024-01-03 09:00:28 +00:00 · 97575cd0d9
commit 97575cd0d9
parent 748a377a28
10 changed files with 408 additions and 14 deletions
--- a/CVE-2023/CVE-2023-474xx/CVE-2023-47473.json
+++ b/CVE-2023/CVE-2023-474xx/CVE-2023-47473.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-47473",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-03T07:15:07.350",
+  "lastModified": "2024-01-03T07:15:07.350",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Directory Traversal vulnerability in fuwushe.org iFair versions 23.8_ad0 and before allows an attacker to obtain sensitive information via a crafted script."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/THMOAS0/SSR123/blob/main/%E4%BC%81%E8%AF%ADiFair%20Any%20file%20read.pdf",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.yuque.com/ssr123/gxhh8t/xv5oxd5i5pxmxd1a?singleDoc",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-509xx/CVE-2023-50922.json
+++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50922.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-50922",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-03T08:15:09.607",
+  "lastModified": "2024-01-03T08:15:09.607",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Remote%20code%20execution%20due%20to%20gl_crontabs.md",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-69xx/CVE-2023-6918.json
+++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6918.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-6918",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2023-12-19T00:15:08.460",
-  "lastModified": "2024-01-02T16:00:10.647",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-01-03T08:15:09.780",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
@ -206,6 +206,10 @@
      "tags": [
        "Release Notes"
      ]
+    },
+    {
+      "url": "https://www.libssh.org/security/advisories/CVE-2023-6918.txt",
+      "source": "secalert@redhat.com"
    }
  ]
 }
--- a/CVE-2023/CVE-2023-69xx/CVE-2023-6986.json
+++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6986.json
@ -0,0 +1,51 @@
+{
+  "id": "CVE-2023-6986",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-01-03T07:15:07.483",
+  "lastModified": "2024-01-03T07:15:07.483",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The EmbedPress \u2013 Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed_oembed_html shortcode in all versions up to 3.9.5 (exclusive) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.svn.wordpress.org/embedpress/trunk/EmbedPress/Shortcode.php",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3014595%40embedpress&new=3014595%40embedpress&sfp_email=&sfph_mail=#file11",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ceae0115-268c-401b-876b-3477d10c10e6?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-02xx/CVE-2024-0207.json
+++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0207.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-0207",
+  "sourceIdentifier": "cve@gitlab.com",
+  "published": "2024-01-03T08:15:10.053",
+  "lastModified": "2024-01-03T08:15:10.053",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@gitlab.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve@gitlab.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-125"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://gitlab.com/wireshark/wireshark/-/issues/19502",
+      "source": "cve@gitlab.com"
+    },
+    {
+      "url": "https://www.wireshark.org/security/wnpa-sec-2024-03.html",
+      "source": "cve@gitlab.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-02xx/CVE-2024-0208.json
+++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0208.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-0208",
+  "sourceIdentifier": "cve@gitlab.com",
+  "published": "2024-01-03T08:15:10.340",
+  "lastModified": "2024-01-03T08:15:10.340",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@gitlab.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve@gitlab.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-674"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://gitlab.com/wireshark/wireshark/-/issues/19496",
+      "source": "cve@gitlab.com"
+    },
+    {
+      "url": "https://www.wireshark.org/security/wnpa-sec-2024-01.html",
+      "source": "cve@gitlab.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-02xx/CVE-2024-0209.json
+++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0209.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-0209",
+  "sourceIdentifier": "cve@gitlab.com",
+  "published": "2024-01-03T08:15:10.793",
+  "lastModified": "2024-01-03T08:15:10.793",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@gitlab.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve@gitlab.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-476"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://gitlab.com/wireshark/wireshark/-/issues/19501",
+      "source": "cve@gitlab.com"
+    },
+    {
+      "url": "https://www.wireshark.org/security/wnpa-sec-2024-02.html",
+      "source": "cve@gitlab.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-02xx/CVE-2024-0210.json
+++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0210.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-0210",
+  "sourceIdentifier": "cve@gitlab.com",
+  "published": "2024-01-03T08:15:11.150",
+  "lastModified": "2024-01-03T08:15:11.150",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@gitlab.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve@gitlab.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-674"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://gitlab.com/wireshark/wireshark/-/issues/19504",
+      "source": "cve@gitlab.com"
+    },
+    {
+      "url": "https://www.wireshark.org/security/wnpa-sec-2024-04.html",
+      "source": "cve@gitlab.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-02xx/CVE-2024-0211.json
+++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0211.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-0211",
+  "sourceIdentifier": "cve@gitlab.com",
+  "published": "2024-01-03T08:15:11.443",
+  "lastModified": "2024-01-03T08:15:11.443",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@gitlab.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve@gitlab.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-674"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://gitlab.com/wireshark/wireshark/-/issues/19557",
+      "source": "cve@gitlab.com"
+    },
+    {
+      "url": "https://www.wireshark.org/security/wnpa-sec-2024-05.html",
+      "source": "cve@gitlab.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-01-03T07:00:25.448954+00:00
+2024-01-03T09:00:24.927629+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-01-03T06:15:47.663000+00:00
+2024-01-03T08:15:11.443000+00:00
 ```

 ### Last Data Feed Release
@ -29,28 +29,28 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-234757
+234765
 ```

 ### CVEs added in the last Commit

 Recently added CVEs: `8`

-* [CVE-2023-46308](CVE-2023/CVE-2023-463xx/CVE-2023-46308.json) (`2024-01-03T05:15:11.360`)
-* [CVE-2023-6629](CVE-2023/CVE-2023-66xx/CVE-2023-6629.json) (`2024-01-03T05:15:11.463`)
-* [CVE-2023-7027](CVE-2023/CVE-2023-70xx/CVE-2023-7027.json) (`2024-01-03T05:15:11.700`)
-* [CVE-2023-42358](CVE-2023/CVE-2023-423xx/CVE-2023-42358.json) (`2024-01-03T06:15:47.063`)
-* [CVE-2023-6524](CVE-2023/CVE-2023-65xx/CVE-2023-6524.json) (`2024-01-03T06:15:47.120`)
-* [CVE-2023-6600](CVE-2023/CVE-2023-66xx/CVE-2023-6600.json) (`2024-01-03T06:15:47.337`)
-* [CVE-2023-6980](CVE-2023/CVE-2023-69xx/CVE-2023-6980.json) (`2024-01-03T06:15:47.500`)
-* [CVE-2023-6981](CVE-2023/CVE-2023-69xx/CVE-2023-6981.json) (`2024-01-03T06:15:47.663`)
+* [CVE-2023-47473](CVE-2023/CVE-2023-474xx/CVE-2023-47473.json) (`2024-01-03T07:15:07.350`)
+* [CVE-2023-6986](CVE-2023/CVE-2023-69xx/CVE-2023-6986.json) (`2024-01-03T07:15:07.483`)
+* [CVE-2023-50922](CVE-2023/CVE-2023-509xx/CVE-2023-50922.json) (`2024-01-03T08:15:09.607`)
+* [CVE-2024-0207](CVE-2024/CVE-2024-02xx/CVE-2024-0207.json) (`2024-01-03T08:15:10.053`)
+* [CVE-2024-0208](CVE-2024/CVE-2024-02xx/CVE-2024-0208.json) (`2024-01-03T08:15:10.340`)
+* [CVE-2024-0209](CVE-2024/CVE-2024-02xx/CVE-2024-0209.json) (`2024-01-03T08:15:10.793`)
+* [CVE-2024-0210](CVE-2024/CVE-2024-02xx/CVE-2024-0210.json) (`2024-01-03T08:15:11.150`)
+* [CVE-2024-0211](CVE-2024/CVE-2024-02xx/CVE-2024-0211.json) (`2024-01-03T08:15:11.443`)


 ### CVEs modified in the last Commit

 Recently modified CVEs: `1`

-* [CVE-2023-3812](CVE-2023/CVE-2023-38xx/CVE-2023-3812.json) (`2024-01-03T06:15:46.847`)
+* [CVE-2023-6918](CVE-2023/CVE-2023-69xx/CVE-2023-6918.json) (`2024-01-03T08:15:09.780`)


 ## Download and Usage