From bd560e8733bdd4f4e77db7deb10aeb2b2297a41e Mon Sep 17 00:00:00 2001
From: cad-safe-bot <cad-safe-bot@protonmail.com>
Date: Fri, 26 Jan 2024 07:00:28 +0000
Subject: [PATCH] Auto-Update: 2024-01-26T07:00:24.434679+00:00

---
 CVE-2023/CVE-2023-383xx/CVE-2023-38317.json | 32 +++++++++++++++++
 CVE-2023/CVE-2023-383xx/CVE-2023-38318.json | 32 +++++++++++++++++
 CVE-2023/CVE-2023-383xx/CVE-2023-38319.json | 32 +++++++++++++++++
 CVE-2023/CVE-2023-383xx/CVE-2023-38323.json | 32 +++++++++++++++++
 CVE-2023/CVE-2023-383xx/CVE-2023-38324.json | 22 ++++++++++--
 README.md                                   | 39 ++++++---------------
 6 files changed, 157 insertions(+), 32 deletions(-)
 create mode 100644 CVE-2023/CVE-2023-383xx/CVE-2023-38317.json
 create mode 100644 CVE-2023/CVE-2023-383xx/CVE-2023-38318.json
 create mode 100644 CVE-2023/CVE-2023-383xx/CVE-2023-38319.json
 create mode 100644 CVE-2023/CVE-2023-383xx/CVE-2023-38323.json

diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38317.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38317.json
new file mode 100644
index 00000000000..70aa0129105
--- /dev/null
+++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38317.json
@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-38317",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-26T05:15:11.553",
+  "lastModified": "2024-01-26T05:15:11.553",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/openNDS/openNDS/blob/master/ChangeLog",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/openNDS/openNDS/releases/tag/v10.1.3",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://openwrt.org/docs/guide-user/services/captive-portal/opennds",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.forescout.com/resources/sierra21-vulnerabilities",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38318.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38318.json
new file mode 100644
index 00000000000..9ae724a4729
--- /dev/null
+++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38318.json
@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-38318",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-26T05:15:11.970",
+  "lastModified": "2024-01-26T05:15:11.970",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/openNDS/openNDS/blob/master/ChangeLog",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/openNDS/openNDS/releases/tag/v10.1.3",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://openwrt.org/docs/guide-user/services/captive-portal/opennds",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.forescout.com/resources/sierra21-vulnerabilities",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38319.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38319.json
new file mode 100644
index 00000000000..b4ddb7e9954
--- /dev/null
+++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38319.json
@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-38319",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-26T05:15:12.063",
+  "lastModified": "2024-01-26T05:15:12.063",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/openNDS/openNDS/blob/master/ChangeLog",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/openNDS/openNDS/releases/tag/v10.1.3",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://openwrt.org/docs/guide-user/services/captive-portal/opennds",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.forescout.com/resources/sierra21-vulnerabilities",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38323.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38323.json
new file mode 100644
index 00000000000..69a2f87d887
--- /dev/null
+++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38323.json
@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-38323",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-26T05:15:12.130",
+  "lastModified": "2024-01-26T05:15:12.130",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/openNDS/openNDS/blob/master/ChangeLog",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/openNDS/openNDS/releases/tag/v10.1.3",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://openwrt.org/docs/guide-user/services/captive-portal/opennds",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.forescout.com/resources/sierra21-vulnerabilities",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-383xx/CVE-2023-38324.json b/CVE-2023/CVE-2023-383xx/CVE-2023-38324.json
index bb2e15df58f..162c40c0a23 100644
--- a/CVE-2023/CVE-2023-383xx/CVE-2023-38324.json
+++ b/CVE-2023/CVE-2023-383xx/CVE-2023-38324.json
@@ -2,12 +2,12 @@
   "id": "CVE-2023-38324",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2023-11-17T06:15:33.760",
-  "lastModified": "2023-11-23T03:36:57.720",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-01-26T05:15:12.203",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It allows users to skip the splash page sequence when it is using the default FAS key and when OpenNDS is configured as FAS (default)."
+      "value": "An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence (and directly authenticate) when it is using the default FAS key and OpenNDS is configured as FAS."
     },
     {
       "lang": "es",
@@ -69,6 +69,14 @@
     }
   ],
   "references": [
+    {
+      "url": "https://cwe.mitre.org/data/definitions/1390.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/openNDS/openNDS/blob/master/ChangeLog",
+      "source": "cve@mitre.org"
+    },
     {
       "url": "https://github.com/openNDS/openNDS/releases/tag/v10.1.2",
       "source": "cve@mitre.org",
@@ -76,6 +84,14 @@
         "Release Notes",
         "Vendor Advisory"
       ]
+    },
+    {
+      "url": "https://openwrt.org/docs/guide-user/services/captive-portal/opennds",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.forescout.com/resources/sierra21-vulnerabilities",
+      "source": "cve@mitre.org"
     }
   ]
 }
\ No newline at end of file
diff --git a/README.md b/README.md
index 6b9d52c6c39..0c7b93ac866 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-01-26T03:00:25.384184+00:00
+2024-01-26T07:00:24.434679+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-01-26T02:15:08.317000+00:00
+2024-01-26T05:15:12.203000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,43 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-236853
+236857
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `10`
+Recently added CVEs: `4`
 
-* [CVE-2023-5933](CVE-2023/CVE-2023-59xx/CVE-2023-5933.json) (`2024-01-26T01:15:08.660`)
-* [CVE-2023-5612](CVE-2023/CVE-2023-56xx/CVE-2023-5612.json) (`2024-01-26T02:15:07.357`)
-* [CVE-2023-6159](CVE-2023/CVE-2023-61xx/CVE-2023-6159.json) (`2024-01-26T02:15:07.567`)
-* [CVE-2024-0402](CVE-2024/CVE-2024-04xx/CVE-2024-0402.json) (`2024-01-26T01:15:08.920`)
-* [CVE-2024-0456](CVE-2024/CVE-2024-04xx/CVE-2024-0456.json) (`2024-01-26T01:15:09.110`)
-* [CVE-2024-21326](CVE-2024/CVE-2024-213xx/CVE-2024-21326.json) (`2024-01-26T01:15:10.010`)
-* [CVE-2024-21382](CVE-2024/CVE-2024-213xx/CVE-2024-21382.json) (`2024-01-26T01:15:10.187`)
-* [CVE-2024-21383](CVE-2024/CVE-2024-213xx/CVE-2024-21383.json) (`2024-01-26T01:15:10.367`)
-* [CVE-2024-21385](CVE-2024/CVE-2024-213xx/CVE-2024-21385.json) (`2024-01-26T01:15:10.540`)
-* [CVE-2024-21387](CVE-2024/CVE-2024-213xx/CVE-2024-21387.json) (`2024-01-26T01:15:10.703`)
+* [CVE-2023-38317](CVE-2023/CVE-2023-383xx/CVE-2023-38317.json) (`2024-01-26T05:15:11.553`)
+* [CVE-2023-38318](CVE-2023/CVE-2023-383xx/CVE-2023-38318.json) (`2024-01-26T05:15:11.970`)
+* [CVE-2023-38319](CVE-2023/CVE-2023-383xx/CVE-2023-38319.json) (`2024-01-26T05:15:12.063`)
+* [CVE-2023-38323](CVE-2023/CVE-2023-383xx/CVE-2023-38323.json) (`2024-01-26T05:15:12.130`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `14`
+Recently modified CVEs: `1`
 
-* [CVE-2023-5455](CVE-2023/CVE-2023-54xx/CVE-2023-5455.json) (`2024-01-26T02:15:07.177`)
-* [CVE-2024-20677](CVE-2024/CVE-2024-206xx/CVE-2024-20677.json) (`2024-01-26T01:15:09.533`)
-* [CVE-2024-21596](CVE-2024/CVE-2024-215xx/CVE-2024-21596.json) (`2024-01-26T01:15:10.873`)
-* [CVE-2024-0804](CVE-2024/CVE-2024-08xx/CVE-2024-0804.json) (`2024-01-26T02:15:07.777`)
-* [CVE-2024-0805](CVE-2024/CVE-2024-08xx/CVE-2024-0805.json) (`2024-01-26T02:15:07.833`)
-* [CVE-2024-0806](CVE-2024/CVE-2024-08xx/CVE-2024-0806.json) (`2024-01-26T02:15:07.887`)
-* [CVE-2024-0807](CVE-2024/CVE-2024-08xx/CVE-2024-0807.json) (`2024-01-26T02:15:07.943`)
-* [CVE-2024-0808](CVE-2024/CVE-2024-08xx/CVE-2024-0808.json) (`2024-01-26T02:15:07.993`)
-* [CVE-2024-0809](CVE-2024/CVE-2024-08xx/CVE-2024-0809.json) (`2024-01-26T02:15:08.050`)
-* [CVE-2024-0810](CVE-2024/CVE-2024-08xx/CVE-2024-0810.json) (`2024-01-26T02:15:08.107`)
-* [CVE-2024-0811](CVE-2024/CVE-2024-08xx/CVE-2024-0811.json) (`2024-01-26T02:15:08.160`)
-* [CVE-2024-0812](CVE-2024/CVE-2024-08xx/CVE-2024-0812.json) (`2024-01-26T02:15:08.210`)
-* [CVE-2024-0813](CVE-2024/CVE-2024-08xx/CVE-2024-0813.json) (`2024-01-26T02:15:08.263`)
-* [CVE-2024-0814](CVE-2024/CVE-2024-08xx/CVE-2024-0814.json) (`2024-01-26T02:15:08.317`)
+* [CVE-2023-38324](CVE-2023/CVE-2023-383xx/CVE-2023-38324.json) (`2024-01-26T05:15:12.203`)
 
 
 ## Download and Usage