From acd989d3c0ac0eba720b0052b2610bb0e7f0ed54 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Thu, 28 Sep 2023 04:00:27 +0000
Subject: [PATCH] Auto-Update: 2023-09-28T04:00:24.373808+00:00
---
CVE-2022/CVE-2022-360xx/CVE-2022-36087.json | 12 ++++++--
CVE-2023/CVE-2023-410xx/CVE-2023-41051.json | 10 ++++++-
CVE-2023/CVE-2023-414xx/CVE-2023-41444.json | 28 +++++++++++++++++
CVE-2023/CVE-2023-414xx/CVE-2023-41446.json | 28 +++++++++++++++++
CVE-2023/CVE-2023-414xx/CVE-2023-41447.json | 28 +++++++++++++++++
CVE-2023/CVE-2023-414xx/CVE-2023-41450.json | 28 +++++++++++++++++
CVE-2023/CVE-2023-422xx/CVE-2023-42222.json | 28 +++++++++++++++++
README.md | 33 ++++++++-------------
8 files changed, 171 insertions(+), 24 deletions(-)
create mode 100644 CVE-2023/CVE-2023-414xx/CVE-2023-41444.json
create mode 100644 CVE-2023/CVE-2023-414xx/CVE-2023-41446.json
create mode 100644 CVE-2023/CVE-2023-414xx/CVE-2023-41447.json
create mode 100644 CVE-2023/CVE-2023-414xx/CVE-2023-41450.json
create mode 100644 CVE-2023/CVE-2023-422xx/CVE-2023-42222.json
diff --git a/CVE-2022/CVE-2022-360xx/CVE-2022-36087.json b/CVE-2022/CVE-2022-360xx/CVE-2022-36087.json
index 48bb02ae891..9d9a445b4d9 100644
--- a/CVE-2022/CVE-2022-360xx/CVE-2022-36087.json
+++ b/CVE-2022/CVE-2022-360xx/CVE-2022-36087.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-36087",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2022-09-09T21:15:08.477",
- "lastModified": "2022-11-10T03:55:29.917",
- "vulnStatus": "Analyzed",
+ "lastModified": "2023-09-28T03:15:09.057",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -155,6 +155,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBCQJR3ZF7FVNTJYRVPVSQEQRAYZIUHU/",
+ "source": "security-advisories@github.com"
+ },
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYLYHE5HWF6R2CRLJFUK4PILR47WXOE/",
 "source": "security-advisories@github.com",
@@ -162,6 +166,10 @@
 "Mailing List",
 "Third Party Advisory"
 ]
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2CQZM5CKOUM4GW2GTAPQEQFPITQ6F7S/",
+ "source": "security-advisories@github.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41051.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41051.json
index 9f359daf8e5..1e1fbb7e825 100644
--- a/CVE-2023/CVE-2023-410xx/CVE-2023-41051.json
+++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41051.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-41051",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-09-01T19:15:42.883",
- "lastModified": "2023-09-23T02:15:18.330",
+ "lastModified": "2023-09-28T03:15:10.457",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -117,6 +117,14 @@
 "Vendor Advisory"
 ]
 },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPXRXD5VXBZHBGMUM77B52CJJMG7EJGI/",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYM6CYW2DWRHRAVL2HYTQPXC3J2V77J4/",
+ "source": "security-advisories@github.com"
+ },
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZGJL6BQLU4XCPQLLTW4GSSBTNQXB3TI/",
 "source": "security-advisories@github.com"
diff --git a/CVE-2023/CVE-2023-414xx/CVE-2023-41444.json b/CVE-2023/CVE-2023-414xx/CVE-2023-41444.json
new file mode 100644
index 00000000000..51e7ce10c54
--- /dev/null
+++ b/CVE-2023/CVE-2023-414xx/CVE-2023-41444.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-41444",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-09-28T03:15:11.193",
+ "lastModified": "2023-09-28T03:15:11.193",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://blog.dru1d.ninja/windows-driver-exploit-development-irec-sys-a5eb45093945",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://gist.github.com/dru1d-foofus/1af21179f253879f101c3a8d4f718bf0",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/magicsword-io/LOLDrivers/blob/main/yaml/d74fdf19-b4b0-4ec2-9c29-4213b064138b.yml",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-414xx/CVE-2023-41446.json b/CVE-2023/CVE-2023-414xx/CVE-2023-41446.json
new file mode 100644
index 00000000000..1369e9e7245
--- /dev/null
+++ b/CVE-2023/CVE-2023-414xx/CVE-2023-41446.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-41446",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-09-28T03:15:11.387",
+ "lastModified": "2023-09-28T03:15:11.387",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://ajaxnewsticker.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "http://phpkobo.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://gist.github.com/RNPG/4bb91170f8ee50b395427f26bc96a1f2",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-414xx/CVE-2023-41447.json b/CVE-2023/CVE-2023-414xx/CVE-2023-41447.json
new file mode 100644
index 00000000000..de9e8de0f30
--- /dev/null
+++ b/CVE-2023/CVE-2023-414xx/CVE-2023-41447.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-41447",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-09-28T03:15:11.480",
+ "lastModified": "2023-09-28T03:15:11.480",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://ajaxnewsticker.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "http://phpkobo.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://gist.github.com/RNPG/56b9fe4dcc3a248d4288bde5ffb3a5b3",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-414xx/CVE-2023-41450.json b/CVE-2023/CVE-2023-414xx/CVE-2023-41450.json
new file mode 100644
index 00000000000..f90771b296a
--- /dev/null
+++ b/CVE-2023/CVE-2023-414xx/CVE-2023-41450.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-41450",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-09-28T03:15:11.563",
+ "lastModified": "2023-09-28T03:15:11.563",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://ajaxnewsticker.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "http://phpkobo.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://gist.github.com/RNPG/e11af10e1bd3606de8b568033d932589",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-422xx/CVE-2023-42222.json b/CVE-2023/CVE-2023-422xx/CVE-2023-42222.json
new file mode 100644
index 00000000000..839dae09118
--- /dev/null
+++ b/CVE-2023/CVE-2023-422xx/CVE-2023-42222.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2023-42222",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2023-09-28T03:15:11.643",
+ "lastModified": "2023-09-28T03:15:11.643",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/itssixtyn3in/CVE-2023-42222",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://webcatalog.io/changelog/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.electronjs.org/docs/latest/tutorial/security#15-do-not-use-shellopenexternal-with-untrusted-content",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 3841fd72874..bd1794e35fb 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-28T02:00:25.747309+00:00 +2023-09-28T04:00:24.373808+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-28T01:58:26.690000+00:00 +2023-09-28T03:15:11.643000+00:00 ``` ### Last Data Feed Release 
@@ -29,35 +29,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -226483 +226488 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `5` -* [CVE-2023-5244](CVE-2023/CVE-2023-52xx/CVE-2023-5244.json) (`2023-09-28T01:15:09.060`) +* [CVE-2023-41444](CVE-2023/CVE-2023-414xx/CVE-2023-41444.json) (`2023-09-28T03:15:11.193`) +* [CVE-2023-41446](CVE-2023/CVE-2023-414xx/CVE-2023-41446.json) (`2023-09-28T03:15:11.387`) +* [CVE-2023-41447](CVE-2023/CVE-2023-414xx/CVE-2023-41447.json) (`2023-09-28T03:15:11.480`) +* [CVE-2023-41450](CVE-2023/CVE-2023-414xx/CVE-2023-41450.json) (`2023-09-28T03:15:11.563`) +* [CVE-2023-42222](CVE-2023/CVE-2023-422xx/CVE-2023-42222.json) (`2023-09-28T03:15:11.643`) ### CVEs modified in the last Commit -Recently modified CVEs: `15` +Recently modified CVEs: `2` -* [CVE-2023-4088](CVE-2023/CVE-2023-40xx/CVE-2023-4088.json) (`2023-09-28T00:15:09.553`) -* [CVE-2023-41962](CVE-2023/CVE-2023-419xx/CVE-2023-41962.json) (`2023-09-28T01:06:56.717`) -* [CVE-2023-43614](CVE-2023/CVE-2023-436xx/CVE-2023-43614.json) (`2023-09-28T01:10:50.470`) -* [CVE-2023-23958](CVE-2023/CVE-2023-239xx/CVE-2023-23958.json) (`2023-09-28T01:14:41.083`) -* [CVE-2023-44152](CVE-2023/CVE-2023-441xx/CVE-2023-44152.json) (`2023-09-28T01:22:12.437`) -* [CVE-2023-44153](CVE-2023/CVE-2023-441xx/CVE-2023-44153.json) (`2023-09-28T01:23:03.267`) -* [CVE-2023-44154](CVE-2023/CVE-2023-441xx/CVE-2023-44154.json) (`2023-09-28T01:27:19.867`) -* [CVE-2023-44155](CVE-2023/CVE-2023-441xx/CVE-2023-44155.json) (`2023-09-28T01:28:18.913`) -* [CVE-2023-44156](CVE-2023/CVE-2023-441xx/CVE-2023-44156.json) (`2023-09-28T01:31:19.293`) -* [CVE-2023-44157](CVE-2023/CVE-2023-441xx/CVE-2023-44157.json) (`2023-09-28T01:36:28.527`) -* [CVE-2023-44158](CVE-2023/CVE-2023-441xx/CVE-2023-44158.json) (`2023-09-28T01:38:48.113`) -* [CVE-2023-44159](CVE-2023/CVE-2023-441xx/CVE-2023-44159.json) 
(`2023-09-28T01:45:43.997`) -* [CVE-2023-44160](CVE-2023/CVE-2023-441xx/CVE-2023-44160.json) (`2023-09-28T01:47:00.950`) -* [CVE-2023-44161](CVE-2023/CVE-2023-441xx/CVE-2023-44161.json) (`2023-09-28T01:52:50.597`) -* [CVE-2023-44207](CVE-2023/CVE-2023-442xx/CVE-2023-44207.json) (`2023-09-28T01:58:26.690`) +* [CVE-2022-36087](CVE-2022/CVE-2022-360xx/CVE-2022-36087.json) (`2023-09-28T03:15:09.057`) +* [CVE-2023-41051](CVE-2023/CVE-2023-410xx/CVE-2023-41051.json) (`2023-09-28T03:15:10.457`) ## Download and Usage