Auto-Update: 2024-04-29T04:00:38.623922+00:00

CVE-2023/CVE-2023-46xx/CVE-2023-4692.json

@@ -2,7 +2,7 @@
   "id": "CVE-2023-4692",
   "sourceIdentifier": "secalert@redhat.com",
   "published": "2023-10-25T18:17:41.743",
-  "lastModified": "2024-04-23T02:15:47.930",
+  "lastModified": "2024-04-29T03:15:09.310",
   "vulnStatus": "Modified",
   "descriptions": [
     {
@@ -142,6 +142,10 @@
         "Third Party Advisory"
       ]
     },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUU42E7CPYLATXOYVYNW6YTXXULAOV6L/",
+      "source": "secalert@redhat.com"
+    },
     {
       "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRJ5UZRXX2KLR4IKBJEQUNGOCXMMDLY/",
       "source": "secalert@redhat.com"

CVE-2023/CVE-2023-46xx/CVE-2023-4693.json

@@ -2,7 +2,7 @@
   "id": "CVE-2023-4693",
   "sourceIdentifier": "secalert@redhat.com",
   "published": "2023-10-25T18:17:41.817",
-  "lastModified": "2024-04-23T02:15:48.087",
+  "lastModified": "2024-04-29T03:15:09.480",
   "vulnStatus": "Modified",
   "descriptions": [
     {
@@ -142,6 +142,10 @@
         "Third Party Advisory"
       ]
     },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUU42E7CPYLATXOYVYNW6YTXXULAOV6L/",
+      "source": "secalert@redhat.com"
+    },
     {
       "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRJ5UZRXX2KLR4IKBJEQUNGOCXMMDLY/",
       "source": "secalert@redhat.com"

CVE-2024/CVE-2024-42xx/CVE-2024-4296.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-4296",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2024-04-29T02:15:06.153",
+  "lastModified": "2024-04-29T02:15:06.153",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The account management interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.9,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-22"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7765-49906-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}

CVE-2024/CVE-2024-42xx/CVE-2024-4297.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-4297",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2024-04-29T03:15:09.613",
+  "lastModified": "2024-04-29T03:15:09.613",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.9,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-22"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7767-ce3b4-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}

CVE-2024/CVE-2024-42xx/CVE-2024-4298.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-4298",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2024-04-29T03:15:09.810",
+  "lastModified": "2024-04-29T03:15:09.810",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The email search interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7769-0773a-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-04-29T02:00:29.792519+00:00
+2024-04-29T04:00:38.623922+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-04-29T01:15:09.600000+00:00
+2024-04-29T03:15:09.810000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,21 +33,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-247017
+247020
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `2`
+Recently added CVEs: `3`
 
-- [CVE-2024-33899](CVE-2024/CVE-2024-338xx/CVE-2024-33899.json) (`2024-04-29T00:15:07.773`)
-- [CVE-2024-33903](CVE-2024/CVE-2024-339xx/CVE-2024-33903.json) (`2024-04-29T01:15:09.600`)
+- [CVE-2024-4296](CVE-2024/CVE-2024-42xx/CVE-2024-4296.json) (`2024-04-29T02:15:06.153`)
+- [CVE-2024-4297](CVE-2024/CVE-2024-42xx/CVE-2024-4297.json) (`2024-04-29T03:15:09.613`)
+- [CVE-2024-4298](CVE-2024/CVE-2024-42xx/CVE-2024-4298.json) (`2024-04-29T03:15:09.810`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `0`
+Recently modified CVEs: `2`
 
+- [CVE-2023-4692](CVE-2023/CVE-2023-46xx/CVE-2023-4692.json) (`2024-04-29T03:15:09.310`)
+- [CVE-2023-4693](CVE-2023/CVE-2023-46xx/CVE-2023-4693.json) (`2024-04-29T03:15:09.480`)
 
 
 ## Download and Usage

_state.csv

@@ -233076,12 +233076,12 @@ CVE-2023-46914,0,0,c59adb74e4c80e2986f7cbf12bded831271a227b08fb4bcf358c8a2151c16
 CVE-2023-46916,0,0,807dec74b0b6302aa78a9b1a564deb8dae9da79985c10fc5f40f549edd1dd100,2023-12-12T17:03:51.163000
 CVE-2023-46918,0,0,778a5b7a17f93ea048ea10d26e5870dcbb0e2ebfe6cf90309ef7420272b8cd33,2024-01-05T17:24:42.153000
 CVE-2023-46919,0,0,483dbc1ac50d3d8abd2c60ae86d8ddee9660e752ace819201c59dbd8b27520f8,2024-01-05T18:35:20.857000
-CVE-2023-4692,0,0,4919df09aaeba176a6a4d69eb6bf676cb10380d8f70c7df8edb44fee6e74612e,2024-04-23T02:15:47.930000
+CVE-2023-4692,0,1,344b4a37980672b8486b75cfa0bdde80fee355883a269351c89e3b8757112e72,2024-04-29T03:15:09.310000
 CVE-2023-46925,0,0,474049e6d20eb13bc575b65561ef84204e608a738f0064cb996ff655202f4db6,2023-11-09T17:46:52.517000
 CVE-2023-46927,0,0,456f3b68c111783341a61120a7d7e73c89200952dbed58aeb4bf5bca9eb4478b,2023-11-08T19:35:56.783000
 CVE-2023-46928,0,0,dbfacac533f97d8c2bde499ce6922d40d78d9f3b0bb57ad0be92dbe4894d1239,2023-11-08T19:31:58.797000
 CVE-2023-46929,0,0,4b9a36b63210b5bf3fec4e65cc498ed3b2577a322d91bc8ef6e07cb6de32caa5,2024-01-10T19:26:28.647000
-CVE-2023-4693,0,0,b26f9a8fb4f44cbe84dbf174637055152d70cce8df279438b32a59b91e36e271,2024-04-23T02:15:48.087000
+CVE-2023-4693,0,1,0ef623ea51d2cff073a3080052a5b3e580de738e9c70e2deea304a44415b6e9f,2024-04-29T03:15:09.480000
 CVE-2023-46930,0,0,443982cf4f9c9d9211b72c7a5eeec2189c4d88d6928a4ab3098294f9b9d79991,2023-11-08T19:41:01.493000
 CVE-2023-46931,0,0,dc0c5aeb658231ecdb137544de7e966d78b050885917a9eabad5feda7e19db03,2023-11-08T19:36:49.673000
 CVE-2023-46932,0,0,1e42f5d6f78dc1da5f70ec6553388859dad53ed5da3358f8c3a1cfe520573e36,2023-12-12T22:32:26.197000
@@ -246687,8 +246687,8 @@ CVE-2024-3387,0,0,59a783d7f5a632f1312dc02ccd745e7c758f93e478c4554a0dbc9aba27d256
 CVE-2024-3388,0,0,9a13547aa29d2171bfe252870fb3dde44261a463a11a31d9062dc130e0f3c4f3,2024-04-10T19:49:51.183000
 CVE-2024-33883,0,0,3b17b48394bf62744fbd468bf457ba6f01138ca86f08a667646ea9846d188bb5,2024-04-28T16:15:23.233000
 CVE-2024-33891,0,0,4d067bbdb453306352bedaf699cdd4319a93f8f140e1ffcfce72980a6fa91b2e,2024-04-28T23:15:07.200000
-CVE-2024-33899,1,1,83c5c675381e020685b43fd536d5112506568fc46560c71323f3b12b51ed8097,2024-04-29T00:15:07.773000
-CVE-2024-33903,1,1,d96c3db96f0e438997e300c2112a3a0d050aa12880229d964d5b557d89ba9aa1,2024-04-29T01:15:09.600000
+CVE-2024-33899,0,0,83c5c675381e020685b43fd536d5112506568fc46560c71323f3b12b51ed8097,2024-04-29T00:15:07.773000
+CVE-2024-33903,0,0,d96c3db96f0e438997e300c2112a3a0d050aa12880229d964d5b557d89ba9aa1,2024-04-29T01:15:09.600000
 CVE-2024-3400,0,0,5bb68c1f741d7492d6e3e08b6f1711eb6e28a4a827bd2f3f354ccd1b7a47a1fe,2024-04-23T19:57:25.207000
 CVE-2024-3413,0,0,7c0263f5aa26015f580f259b17ac76e3fb232807ce6eb6b3e0fa4a42d34def58,2024-04-11T01:26:00.727000
 CVE-2024-3414,0,0,fcf8b2012e3dcab7048965e9d40e8c26f25a86217cc70e6c24a2ae712b119943,2024-04-11T01:26:00.803000
@@ -247016,3 +247016,6 @@ CVE-2024-4291,0,0,2865a121351ebb56160fcf65d7e9586ac99e0ff8d6036dc46e718a2eabc1d3
 CVE-2024-4292,0,0,f35115db4ed64c24607ced52e93cbcd1c5148fc71f3b2566211f6e6c34c15f40,2024-04-27T21:15:47.453000
 CVE-2024-4293,0,0,0728359e5c83609717b6c30efe8cad67c03c56d671ce2adc06f7d27fb0c3ea84,2024-04-27T22:15:08.110000
 CVE-2024-4294,0,0,acd8c525c0dbd05d938d9cfd91b4f84bb2cd9884ab996901732c285a16449adb,2024-04-27T23:15:06.470000
+CVE-2024-4296,1,1,c1d96940ea7b43530c90e361026a1465dd23d6cea465eae6b4e8fab350dd5200,2024-04-29T02:15:06.153000
+CVE-2024-4297,1,1,beec816d4a0b36417a8c7e4d11aae9631f4c8663ea5a064622665d3b052214e9,2024-04-29T03:15:09.613000
+CVE-2024-4298,1,1,f9266dd2ad13ca247a2df7083a82f45a12f2423c014a4332f080e78d4a30747d,2024-04-29T03:15:09.810000