Auto-Update: 2024-01-26T07:00:24.434679+00:00

2025-07-09 16:05:11 +00:00 · 2024-01-26 07:00:28 +00:00 · 2024-01-26 07:00:28 +00:00 · bd560e8733
commit bd560e8733
parent 7d3e520c46
6 changed files with 157 additions and 32 deletions
--- a/CVE-2023/CVE-2023-383xx/CVE-2023-38317.json
+++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38317.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-38317",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-26T05:15:11.553",
+  "lastModified": "2024-01-26T05:15:11.553",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/openNDS/openNDS/blob/master/ChangeLog",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/openNDS/openNDS/releases/tag/v10.1.3",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://openwrt.org/docs/guide-user/services/captive-portal/opennds",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.forescout.com/resources/sierra21-vulnerabilities",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-383xx/CVE-2023-38318.json
+++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38318.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-38318",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-26T05:15:11.970",
+  "lastModified": "2024-01-26T05:15:11.970",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/openNDS/openNDS/blob/master/ChangeLog",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/openNDS/openNDS/releases/tag/v10.1.3",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://openwrt.org/docs/guide-user/services/captive-portal/opennds",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.forescout.com/resources/sierra21-vulnerabilities",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-383xx/CVE-2023-38319.json
+++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38319.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-38319",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-26T05:15:12.063",
+  "lastModified": "2024-01-26T05:15:12.063",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/openNDS/openNDS/blob/master/ChangeLog",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/openNDS/openNDS/releases/tag/v10.1.3",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://openwrt.org/docs/guide-user/services/captive-portal/opennds",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.forescout.com/resources/sierra21-vulnerabilities",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-383xx/CVE-2023-38323.json
+++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38323.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-38323",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-26T05:15:12.130",
+  "lastModified": "2024-01-26T05:15:12.130",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/openNDS/openNDS/blob/master/ChangeLog",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/openNDS/openNDS/releases/tag/v10.1.3",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://openwrt.org/docs/guide-user/services/captive-portal/opennds",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.forescout.com/resources/sierra21-vulnerabilities",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-383xx/CVE-2023-38324.json
+++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38324.json
@ -2,12 +2,12 @@
  "id": "CVE-2023-38324",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-11-17T06:15:33.760",
-  "lastModified": "2023-11-23T03:36:57.720",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-01-26T05:15:12.203",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
-      "value": "An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It allows users to skip the splash page sequence when it is using the default FAS key and when OpenNDS is configured as FAS (default)."
+      "value": "An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence (and directly authenticate) when it is using the default FAS key and OpenNDS is configured as FAS."
    },
    {
      "lang": "es",
@ -69,6 +69,14 @@
    }
  ],
  "references": [
+    {
+      "url": "https://cwe.mitre.org/data/definitions/1390.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/openNDS/openNDS/blob/master/ChangeLog",
+      "source": "cve@mitre.org"
+    },
    {
      "url": "https://github.com/openNDS/openNDS/releases/tag/v10.1.2",
      "source": "cve@mitre.org",
@ -76,6 +84,14 @@
        "Release Notes",
        "Vendor Advisory"
      ]
+    },
+    {
+      "url": "https://openwrt.org/docs/guide-user/services/captive-portal/opennds",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.forescout.com/resources/sierra21-vulnerabilities",
+      "source": "cve@mitre.org"
    }
  ]
 }
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-01-26T03:00:25.384184+00:00
+2024-01-26T07:00:24.434679+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-01-26T02:15:08.317000+00:00
+2024-01-26T05:15:12.203000+00:00
 ```

 ### Last Data Feed Release
@ -29,43 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-236853
+236857
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `10`
+Recently added CVEs: `4`

-* [CVE-2023-5933](CVE-2023/CVE-2023-59xx/CVE-2023-5933.json) (`2024-01-26T01:15:08.660`)
-* [CVE-2023-5612](CVE-2023/CVE-2023-56xx/CVE-2023-5612.json) (`2024-01-26T02:15:07.357`)
-* [CVE-2023-6159](CVE-2023/CVE-2023-61xx/CVE-2023-6159.json) (`2024-01-26T02:15:07.567`)
-* [CVE-2024-0402](CVE-2024/CVE-2024-04xx/CVE-2024-0402.json) (`2024-01-26T01:15:08.920`)
-* [CVE-2024-0456](CVE-2024/CVE-2024-04xx/CVE-2024-0456.json) (`2024-01-26T01:15:09.110`)
-* [CVE-2024-21326](CVE-2024/CVE-2024-213xx/CVE-2024-21326.json) (`2024-01-26T01:15:10.010`)
-* [CVE-2024-21382](CVE-2024/CVE-2024-213xx/CVE-2024-21382.json) (`2024-01-26T01:15:10.187`)
-* [CVE-2024-21383](CVE-2024/CVE-2024-213xx/CVE-2024-21383.json) (`2024-01-26T01:15:10.367`)
-* [CVE-2024-21385](CVE-2024/CVE-2024-213xx/CVE-2024-21385.json) (`2024-01-26T01:15:10.540`)
-* [CVE-2024-21387](CVE-2024/CVE-2024-213xx/CVE-2024-21387.json) (`2024-01-26T01:15:10.703`)
+* [CVE-2023-38317](CVE-2023/CVE-2023-383xx/CVE-2023-38317.json) (`2024-01-26T05:15:11.553`)
+* [CVE-2023-38318](CVE-2023/CVE-2023-383xx/CVE-2023-38318.json) (`2024-01-26T05:15:11.970`)
+* [CVE-2023-38319](CVE-2023/CVE-2023-383xx/CVE-2023-38319.json) (`2024-01-26T05:15:12.063`)
+* [CVE-2023-38323](CVE-2023/CVE-2023-383xx/CVE-2023-38323.json) (`2024-01-26T05:15:12.130`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `14`
+Recently modified CVEs: `1`

-* [CVE-2023-5455](CVE-2023/CVE-2023-54xx/CVE-2023-5455.json) (`2024-01-26T02:15:07.177`)
-* [CVE-2024-20677](CVE-2024/CVE-2024-206xx/CVE-2024-20677.json) (`2024-01-26T01:15:09.533`)
-* [CVE-2024-21596](CVE-2024/CVE-2024-215xx/CVE-2024-21596.json) (`2024-01-26T01:15:10.873`)
-* [CVE-2024-0804](CVE-2024/CVE-2024-08xx/CVE-2024-0804.json) (`2024-01-26T02:15:07.777`)
-* [CVE-2024-0805](CVE-2024/CVE-2024-08xx/CVE-2024-0805.json) (`2024-01-26T02:15:07.833`)
-* [CVE-2024-0806](CVE-2024/CVE-2024-08xx/CVE-2024-0806.json) (`2024-01-26T02:15:07.887`)
-* [CVE-2024-0807](CVE-2024/CVE-2024-08xx/CVE-2024-0807.json) (`2024-01-26T02:15:07.943`)
-* [CVE-2024-0808](CVE-2024/CVE-2024-08xx/CVE-2024-0808.json) (`2024-01-26T02:15:07.993`)
-* [CVE-2024-0809](CVE-2024/CVE-2024-08xx/CVE-2024-0809.json) (`2024-01-26T02:15:08.050`)
-* [CVE-2024-0810](CVE-2024/CVE-2024-08xx/CVE-2024-0810.json) (`2024-01-26T02:15:08.107`)
-* [CVE-2024-0811](CVE-2024/CVE-2024-08xx/CVE-2024-0811.json) (`2024-01-26T02:15:08.160`)
-* [CVE-2024-0812](CVE-2024/CVE-2024-08xx/CVE-2024-0812.json) (`2024-01-26T02:15:08.210`)
-* [CVE-2024-0813](CVE-2024/CVE-2024-08xx/CVE-2024-0813.json) (`2024-01-26T02:15:08.263`)
-* [CVE-2024-0814](CVE-2024/CVE-2024-08xx/CVE-2024-0814.json) (`2024-01-26T02:15:08.317`)
+* [CVE-2023-38324](CVE-2023/CVE-2023-383xx/CVE-2023-38324.json) (`2024-01-26T05:15:12.203`)


 ## Download and Usage