Auto-Update: 2023-11-03T07:00:19.194206+00:00

2025-05-06 18:52:58 +00:00 · 2023-11-03 07:00:22 +00:00 · 2023-11-03 07:00:22 +00:00 · cf3e83be8d
commit cf3e83be8d
parent 2ff1297c05
27 changed files with 970 additions and 20 deletions
--- a/CVE-2022/CVE-2022-295xx/CVE-2022-29548.json
+++ b/CVE-2022/CVE-2022-295xx/CVE-2022-29548.json
@ -2,8 +2,8 @@
  "id": "CVE-2022-29548",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2022-04-21T02:15:06.800",
-  "lastModified": "2022-12-02T22:41:29.290",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-11-03T05:15:29.183",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
@ -278,6 +278,10 @@
      "tags": [
        "Vendor Advisory"
      ]
+    },
+    {
+      "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2022/WSO2-2021-1603/",
+      "source": "cve@mitre.org"
    }
  ]
 }
--- a/CVE-2023/CVE-2023-389xx/CVE-2023-38965.json
+++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38965.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-38965",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-03T05:15:29.400",
+  "lastModified": "2023-11-03T05:15:29.400",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "http://packetstormsecurity.com/files/175077/Lost-And-Found-Information-System-1.0-Insecure-Direct-Object-Reference.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/Or4ngm4n/vulnreability-code-review-php/blob/main/Lost%20and%20Found%20Information%20System%20v1.0.txt",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-411xx/CVE-2023-41164.json
+++ b/CVE-2023/CVE-2023-411xx/CVE-2023-41164.json
@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-41164",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-03T05:15:29.447",
+  "lastModified": "2023-11-03T05:15:29.447",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://docs.djangoproject.com/en/4.2/releases/security/",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://groups.google.com/forum/#!forum/django-announce",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.djangoproject.com/weblog/2023/sep/04/security-releases/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-412xx/CVE-2023-41259.json
+++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41259.json
@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-41259",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-03T05:15:29.490",
+  "lastModified": "2023-11-03T05:15:29.490",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://docs.bestpractical.com/release-notes/rt/4.4.7",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://docs.bestpractical.com/release-notes/rt/5.0.5",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://docs.bestpractical.com/release-notes/rt/index.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-412xx/CVE-2023-41260.json
+++ b/CVE-2023/CVE-2023-412xx/CVE-2023-41260.json
@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-41260",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-03T05:15:29.537",
+  "lastModified": "2023-11-03T05:15:29.537",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://docs.bestpractical.com/release-notes/rt/4.4.7",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://docs.bestpractical.com/release-notes/rt/5.0.5",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://docs.bestpractical.com/release-notes/rt/index.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41343.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41343.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-41343",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2023-11-03T05:15:29.583",
+  "lastModified": "2023-11-03T05:15:29.583",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7509-5b734-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41345.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41345.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-41345",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2023-11-03T05:15:29.660",
+  "lastModified": "2023-11-03T05:15:29.660",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "ASUS RT-AC86U\u2019s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7496-96e2c-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41346.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41346.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-41346",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2023-11-03T05:15:29.733",
+  "lastModified": "2023-11-03T05:15:29.733",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "ASUS RT-AC86U\u2019s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7497-f92ac-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41347.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41347.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-41347",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2023-11-03T05:15:29.800",
+  "lastModified": "2023-11-03T05:15:29.800",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "ASUS RT-AC86U\u2019s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7498-18012-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41348.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41348.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-41348",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2023-11-03T05:15:29.867",
+  "lastModified": "2023-11-03T05:15:29.867",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "ASUS RT-AC86U\u2019s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7499-63907-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41350.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41350.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-41350",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2023-11-03T05:15:29.930",
+  "lastModified": "2023-11-03T05:15:29.930",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute a crafted Javascript to expose captcha in page, making it very easy for bots to bypass the captcha check and more susceptible to brute force attacks."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-307"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7500-0c544-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41351.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41351.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-41351",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2023-11-03T06:15:07.107",
+  "lastModified": "2023-11-03T06:15:07.107",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing users, such as an administrator, to perform arbitrary system operations or disrupt service."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-288"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7501-6155a-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41352.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41352.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-41352",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2023-11-03T06:15:07.313",
+  "lastModified": "2023-11-03T06:15:07.313",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7502-287ec-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41353.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41353.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-41353",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2023-11-03T06:15:07.417",
+  "lastModified": "2023-11-03T06:15:07.417",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privilege can easily infer the administrator password from system information after logging system, resulting in admin access and performing arbitrary system operations or disrupt service."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-521"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7503-a27ed-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41354.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41354.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-41354",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2023-11-03T06:15:07.527",
+  "lastModified": "2023-11-03T06:15:07.527",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default, an unauthenticated remote attacker can exploit this vulnerability by sending a crafted package, resulting in partially sensitive information exposed to an actor."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.0,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.5,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-200"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7504-c6a5e-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41355.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41355.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-41355",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2023-11-03T06:15:07.630",
+  "lastModified": "2023-11-03T06:15:07.630",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive information leaking."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-20"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7505-a0c94-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-419xx/CVE-2023-41914.json
+++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41914.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-41914",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-03T05:15:30.000",
+  "lastModified": "2023-11-03T05:15:30.000",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000100.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://schedmd.com/security.php",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-436xx/CVE-2023-43665.json
+++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43665.json
@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-43665",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-03T05:15:30.047",
+  "lastModified": "2023-11-03T05:15:30.047",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://docs.djangoproject.com/en/4.2/releases/security/",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://groups.google.com/forum/#!forum/django-announce",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.djangoproject.com/weblog/2023/oct/04/security-releases/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-439xx/CVE-2023-43982.json
+++ b/CVE-2023/CVE-2023-439xx/CVE-2023-43982.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-43982",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-03T05:15:30.093",
+  "lastModified": "2023-11-03T05:15:30.093",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at insta_parser.php. This vulnerability allows attackers to use the vulnerable website as proxy to attack other websites or exfiltrate data via a HTTP call."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://security.friendsofpresta.org/modules/2023/11/02/boninstagramcarousel.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-442xx/CVE-2023-44271.json
+++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44271.json
@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-44271",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-03T05:15:30.137",
+  "lastModified": "2023-11-03T05:15:30.137",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://devhub.checkmarx.com/cve-details/CVE-2023-44271/",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/python-pillow/Pillow/pull/7244",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-444xx/CVE-2023-44487.json
+++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44487.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-44487",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-10-10T14:15:10.883",
-  "lastModified": "2023-10-31T16:15:09.080",
+  "lastModified": "2023-11-03T05:15:30.180",
  "vulnStatus": "Undergoing Analysis",
  "cisaExploitAdd": "2023-10-10",
  "cisaActionDue": "2023-10-31",
@ -2061,6 +2061,10 @@
        "Vendor Advisory"
      ]
    },
+    {
+      "url": "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715",
+      "source": "cve@mitre.org"
+    },
    {
      "url": "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve",
      "source": "cve@mitre.org",
--- a/CVE-2023/CVE-2023-450xx/CVE-2023-45024.json
+++ b/CVE-2023/CVE-2023-450xx/CVE-2023-45024.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-45024",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-03T05:15:30.687",
+  "lastModified": "2023-11-03T05:15:30.687",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://docs.bestpractical.com/release-notes/rt/5.0.5",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://docs.bestpractical.com/release-notes/rt/index.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-453xx/CVE-2023-45360.json
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45360.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-45360",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-03T05:15:30.730",
+  "lastModified": "2023-11-03T05:15:30.730",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://phabricator.wikimedia.org/T340221",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-453xx/CVE-2023-45362.json
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45362.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-45362",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-03T05:15:30.773",
+  "lastModified": "2023-11-03T05:15:30.773",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka \"X intermediate revisions by the same user not shown\") ignores username suppression. This is an information leak."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://phabricator.wikimedia.org/T341529",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-465xx/CVE-2023-46517.json
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46517.json
@ -0,0 +1,15 @@
+{
+  "id": "CVE-2023-46517",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-03T05:15:30.817",
+  "lastModified": "2023-11-03T05:15:30.817",
+  "vulnStatus": "Rejected",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
+    }
+  ],
+  "metrics": {},
+  "references": []
+}
--- a/CVE-2023/CVE-2023-468xx/CVE-2023-46817.json
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46817.json
@ -0,0 +1,36 @@
+{
+  "id": "CVE-2023-46817",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-11-03T05:15:30.867",
+  "lastModified": "2023-11-03T05:15:30.867",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "http://seclists.org/fulldisclosure/2023/Oct/30",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://docs.phpfox.com/display/FOX4MAN/phpFox+4.8.14",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://karmainsecurity.com/KIS-2023-12",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://karmainsecurity.com/pocs/CVE-2023-46817.php",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.phpfox.com/blog/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-11-03T05:00:19.731004+00:00
+2023-11-03T07:00:19.194206+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-11-03T04:15:21.083000+00:00
+2023-11-03T06:15:07.630000+00:00
 ```

 ### Last Data Feed Release
@ -29,31 +29,45 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-229689
+229713
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `9`
+Recently added CVEs: `24`

-* [CVE-2020-28407](CVE-2020/CVE-2020-284xx/CVE-2020-28407.json) (`2023-11-03T04:15:15.447`)
-* [CVE-2023-35896](CVE-2023/CVE-2023-358xx/CVE-2023-35896.json) (`2023-11-03T03:15:07.720`)
-* [CVE-2023-46954](CVE-2023/CVE-2023-469xx/CVE-2023-46954.json) (`2023-11-03T03:15:07.920`)
-* [CVE-2023-31102](CVE-2023/CVE-2023-311xx/CVE-2023-31102.json) (`2023-11-03T04:15:20.793`)
-* [CVE-2023-34259](CVE-2023/CVE-2023-342xx/CVE-2023-34259.json) (`2023-11-03T04:15:20.853`)
-* [CVE-2023-34260](CVE-2023/CVE-2023-342xx/CVE-2023-34260.json) (`2023-11-03T04:15:20.907`)
-* [CVE-2023-34261](CVE-2023/CVE-2023-342xx/CVE-2023-34261.json) (`2023-11-03T04:15:20.963`)
-* [CVE-2023-36620](CVE-2023/CVE-2023-366xx/CVE-2023-36620.json) (`2023-11-03T04:15:21.023`)
-* [CVE-2023-36621](CVE-2023/CVE-2023-366xx/CVE-2023-36621.json) (`2023-11-03T04:15:21.083`)
+* [CVE-2023-38965](CVE-2023/CVE-2023-389xx/CVE-2023-38965.json) (`2023-11-03T05:15:29.400`)
+* [CVE-2023-41164](CVE-2023/CVE-2023-411xx/CVE-2023-41164.json) (`2023-11-03T05:15:29.447`)
+* [CVE-2023-41259](CVE-2023/CVE-2023-412xx/CVE-2023-41259.json) (`2023-11-03T05:15:29.490`)
+* [CVE-2023-41260](CVE-2023/CVE-2023-412xx/CVE-2023-41260.json) (`2023-11-03T05:15:29.537`)
+* [CVE-2023-41343](CVE-2023/CVE-2023-413xx/CVE-2023-41343.json) (`2023-11-03T05:15:29.583`)
+* [CVE-2023-41345](CVE-2023/CVE-2023-413xx/CVE-2023-41345.json) (`2023-11-03T05:15:29.660`)
+* [CVE-2023-41346](CVE-2023/CVE-2023-413xx/CVE-2023-41346.json) (`2023-11-03T05:15:29.733`)
+* [CVE-2023-41347](CVE-2023/CVE-2023-413xx/CVE-2023-41347.json) (`2023-11-03T05:15:29.800`)
+* [CVE-2023-41348](CVE-2023/CVE-2023-413xx/CVE-2023-41348.json) (`2023-11-03T05:15:29.867`)
+* [CVE-2023-41350](CVE-2023/CVE-2023-413xx/CVE-2023-41350.json) (`2023-11-03T05:15:29.930`)
+* [CVE-2023-41914](CVE-2023/CVE-2023-419xx/CVE-2023-41914.json) (`2023-11-03T05:15:30.000`)
+* [CVE-2023-43665](CVE-2023/CVE-2023-436xx/CVE-2023-43665.json) (`2023-11-03T05:15:30.047`)
+* [CVE-2023-43982](CVE-2023/CVE-2023-439xx/CVE-2023-43982.json) (`2023-11-03T05:15:30.093`)
+* [CVE-2023-44271](CVE-2023/CVE-2023-442xx/CVE-2023-44271.json) (`2023-11-03T05:15:30.137`)
+* [CVE-2023-45024](CVE-2023/CVE-2023-450xx/CVE-2023-45024.json) (`2023-11-03T05:15:30.687`)
+* [CVE-2023-45360](CVE-2023/CVE-2023-453xx/CVE-2023-45360.json) (`2023-11-03T05:15:30.730`)
+* [CVE-2023-45362](CVE-2023/CVE-2023-453xx/CVE-2023-45362.json) (`2023-11-03T05:15:30.773`)
+* [CVE-2023-46517](CVE-2023/CVE-2023-465xx/CVE-2023-46517.json) (`2023-11-03T05:15:30.817`)
+* [CVE-2023-46817](CVE-2023/CVE-2023-468xx/CVE-2023-46817.json) (`2023-11-03T05:15:30.867`)
+* [CVE-2023-41351](CVE-2023/CVE-2023-413xx/CVE-2023-41351.json) (`2023-11-03T06:15:07.107`)
+* [CVE-2023-41352](CVE-2023/CVE-2023-413xx/CVE-2023-41352.json) (`2023-11-03T06:15:07.313`)
+* [CVE-2023-41353](CVE-2023/CVE-2023-413xx/CVE-2023-41353.json) (`2023-11-03T06:15:07.417`)
+* [CVE-2023-41354](CVE-2023/CVE-2023-413xx/CVE-2023-41354.json) (`2023-11-03T06:15:07.527`)
+* [CVE-2023-41355](CVE-2023/CVE-2023-413xx/CVE-2023-41355.json) (`2023-11-03T06:15:07.630`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `3`
+Recently modified CVEs: `2`

-* [CVE-2022-34300](CVE-2022/CVE-2022-343xx/CVE-2022-34300.json) (`2023-11-03T03:15:07.587`)
-* [CVE-2023-45803](CVE-2023/CVE-2023-458xx/CVE-2023-45803.json) (`2023-11-03T03:15:07.807`)
-* [CVE-2023-5472](CVE-2023/CVE-2023-54xx/CVE-2023-5472.json) (`2023-11-03T03:15:07.963`)
+* [CVE-2022-29548](CVE-2022/CVE-2022-295xx/CVE-2022-29548.json) (`2023-11-03T05:15:29.183`)
+* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-11-03T05:15:30.180`)


 ## Download and Usage