diff --git a/CVE-2023/CVE-2023-11xx/CVE-2023-1194.json b/CVE-2023/CVE-2023-11xx/CVE-2023-1194.json
new file mode 100644
index 00000000000..07e7cd1dd81
--- /dev/null
+++ b/CVE-2023/CVE-2023-11xx/CVE-2023-1194.json
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2023-1194",
+ "sourceIdentifier": "secalert@redhat.com",
+ "published": "2023-11-03T08:15:07.490",
+ "lastModified": "2023-11-03T08:15:07.490",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-1194",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154176",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://www.spinics.net/lists/stable-commits/msg303065.html",
+ "source": "secalert@redhat.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4091.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4091.json
new file mode 100644
index 00000000000..db62f21e956
--- /dev/null
+++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4091.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-4091",
+ "sourceIdentifier": "secalert@redhat.com",
+ "published": "2023-11-03T08:15:08.197",
+ "lastModified": "2023-11-03T08:15:08.197",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module \"acl_xattr\" is configured with \"acl_xattr:ignore system acls = yes\". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2023:6209",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-4091",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241882",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://bugzilla.samba.org/show_bug.cgi?id=15439",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://www.samba.org/samba/security/CVE-2023-4091.html",
+ "source": "secalert@redhat.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-413xx/CVE-2023-41344.json b/CVE-2023/CVE-2023-413xx/CVE-2023-41344.json
new file mode 100644
index 00000000000..109108f3737
--- /dev/null
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41344.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-41344",
+ "sourceIdentifier": "twcert@cert.org.tw",
+ "published": "2023-11-03T07:15:14.190",
+ "lastModified": "2023-11-03T07:15:14.190",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-7507-55b28-1.html",
+ "source": "twcert@cert.org.tw"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-413xx/CVE-2023-41345.json b/CVE-2023/CVE-2023-413xx/CVE-2023-41345.json
index 200c874940e..3fd12b1a9e9 100644
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41345.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41345.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-41345",
 "sourceIdentifier": "twcert@cert.org.tw",
 "published": "2023-11-03T05:15:29.660",
- "lastModified": "2023-11-03T05:15:29.660",
+ "lastModified": "2023-11-03T08:15:07.590",
 "vulnStatus": "Received",
 "descriptions": [
 {
 "lang": "en",
- "value": "ASUS RT-AC86U\u2019s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services."
+ "value": "ASUS RT-AX55\u2019s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-413xx/CVE-2023-41346.json b/CVE-2023/CVE-2023-413xx/CVE-2023-41346.json
index 8ec2d597b2d..404b8530d06 100644
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41346.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41346.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-41346",
 "sourceIdentifier": "twcert@cert.org.tw",
 "published": "2023-11-03T05:15:29.733",
- "lastModified": "2023-11-03T05:15:29.733",
+ "lastModified": "2023-11-03T08:15:07.673",
 "vulnStatus": "Received",
 "descriptions": [
 {
 "lang": "en",
- "value": "ASUS RT-AC86U\u2019s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services."
+ "value": "ASUS RT-AX55\u2019s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-413xx/CVE-2023-41347.json b/CVE-2023/CVE-2023-413xx/CVE-2023-41347.json
index 47c33852b27..7d703f43652 100644
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41347.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41347.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-41347",
 "sourceIdentifier": "twcert@cert.org.tw",
 "published": "2023-11-03T05:15:29.800",
- "lastModified": "2023-11-03T05:15:29.800",
+ "lastModified": "2023-11-03T08:15:07.737",
 "vulnStatus": "Received",
 "descriptions": [
 {
 "lang": "en",
- "value": "ASUS RT-AC86U\u2019s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services."
+ "value": "ASUS RT-AX55\u2019s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-413xx/CVE-2023-41348.json b/CVE-2023/CVE-2023-413xx/CVE-2023-41348.json
index 2d7c5c41f5d..ce9e49e698e 100644
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41348.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41348.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-41348",
 "sourceIdentifier": "twcert@cert.org.tw",
 "published": "2023-11-03T05:15:29.867",
- "lastModified": "2023-11-03T05:15:29.867",
+ "lastModified": "2023-11-03T08:15:07.813",
 "vulnStatus": "Received",
 "descriptions": [
 {
 "lang": "en",
- "value": "ASUS RT-AC86U\u2019s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services."
+ "value": "ASUS RT-AX55\u2019s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-413xx/CVE-2023-41356.json b/CVE-2023/CVE-2023-413xx/CVE-2023-41356.json
new file mode 100644
index 00000000000..9647ab5812d
--- /dev/null
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41356.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-41356",
+ "sourceIdentifier": "twcert@cert.org.tw",
+ "published": "2023-11-03T07:15:14.403",
+ "lastModified": "2023-11-03T07:15:14.403",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-639"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-7506-b4e29-1.html",
+ "source": "twcert@cert.org.tw"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-413xx/CVE-2023-41357.json b/CVE-2023/CVE-2023-413xx/CVE-2023-41357.json
new file mode 100644
index 00000000000..d0e5cbf9b83
--- /dev/null
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41357.json
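Review bot: The `descriptions[0].value` added for CVE-2023-41356 is word for word the text of CVE-2023-41344 from this same commit (path traversal, unauthenticated attacker), but the record's own structured fields disagree with it: `weaknesses` carries `CWE-639` and the vector has `PR:L`, while CVE-2023-41344 has `CWE-22` and `PR:N`. The two records also point at different TWCERT advisories, so the description was presumably copied from the neighbouring entry at the source. Anyone triaging on the text alone would file this as a pre-authentication path traversal; for this record the CWE, the vector and the linked advisory should take precedence until the CNA corrects the description.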
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-41357",
+ "sourceIdentifier": "twcert@cert.org.tw",
+ "published": "2023-11-03T07:15:14.503",
+ "lastModified": "2023-11-03T07:15:14.503",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operations or disrupt service."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-7508-6d1ef-1.html",
+ "source": "twcert@cert.org.tw"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-426xx/CVE-2023-42670.json b/CVE-2023/CVE-2023-426xx/CVE-2023-42670.json
new file mode 100644
index 00000000000..d63369672d3
--- /dev/null
+++ b/CVE-2023/CVE-2023-426xx/CVE-2023-42670.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-42670",
+ "sourceIdentifier": "secalert@redhat.com",
+ "published": "2023-11-03T08:15:07.883",
+ "lastModified": "2023-11-03T08:15:07.883",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for example, NT4-emulation \"classic DCs\") can erroneously start and compete for the same unix domain sockets. This issue leads to partial query responses from the AD DC, causing issues such as \"The procedure number is out of range\" when using tools like Active Directory Users. This flaw allows an attacker to disrupt AD DC services."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-42670",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241885",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://bugzilla.samba.org/show_bug.cgi?id=15473",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://www.samba.org/samba/security/CVE-2023-42670.html",
+ "source": "secalert@redhat.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46846.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46846.json
new file mode 100644
index 00000000000..6b8366b49b9
--- /dev/null
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46846.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-46846",
+ "sourceIdentifier": "secalert@redhat.com",
+ "published": "2023-11-03T08:15:07.953",
+ "lastModified": "2023-11-03T08:15:07.953",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 9.3,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2023:6266",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2023:6267",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2023:6268",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-46846",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245910",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh",
+ "source": "secalert@redhat.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46847.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46847.json
new file mode 100644
index 00000000000..715749d3ecd
--- /dev/null
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46847.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-46847",
+ "sourceIdentifier": "secalert@redhat.com",
+ "published": "2023-11-03T08:15:08.023",
+ "lastModified": "2023-11-03T08:15:08.023",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.9,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.3
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2023:6266",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2023:6267",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2023:6268",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-46847",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245916",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g",
+ "source": "secalert@redhat.com"
+ }
+ ]
+}
\ No newline at end of file
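Review bot: The description of CVE-2023-46847 labels the issue a Denial of Service, yet the same sentence describes a write of up to 2 MB of arbitrary data to heap memory, and the vector scores `C:L/I:L/A:H` with `S:C`. For triage this record should be handled as a heap buffer overflow rather than as an availability-only issue. The record also has no `weaknesses` array, so filters keyed on CWE will not match it. CVE-2023-5824, added later in this commit, has the same shape: its text says Denial of Service while the vector carries `I:H`, and it has no `weaknesses` entry either.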
diff --git a/CVE-2023/CVE-2023-468xx/CVE-2023-46848.json b/CVE-2023/CVE-2023-468xx/CVE-2023-46848.json
new file mode 100644
index 00000000000..ff7559ad7f2
--- /dev/null
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46848.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46848",
+ "sourceIdentifier": "secalert@redhat.com",
+ "published": "2023-11-03T08:15:08.117",
+ "lastModified": "2023-11-03T08:15:08.117",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.6,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2023:6266",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2023:6268",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-46848",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245919",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w",
+ "source": "secalert@redhat.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-57xx/CVE-2023-5763.json b/CVE-2023/CVE-2023-57xx/CVE-2023-5763.json
new file mode 100644
index 00000000000..c97c1093e68
--- /dev/null
+++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5763.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-5763",
+ "sourceIdentifier": "emo@eclipse.org",
+ "published": "2023-11-03T07:15:14.617",
+ "lastModified": "2023-11-03T07:15:14.617",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "emo@eclipse.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "emo@eclipse.org",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-913"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/14",
+ "source": "emo@eclipse.org"
+ },
+ {
+ "url": "https://glassfish.org/docs/latest/security-guide.html#securing-glassfish-server",
+ "source": "emo@eclipse.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-58xx/CVE-2023-5824.json b/CVE-2023/CVE-2023-58xx/CVE-2023-5824.json
new file mode 100644
index 00000000000..6f9c3d379ac
--- /dev/null
+++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5824.json
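Review bot: The `value` string added for CVE-2023-5763 ends in a literal `\n` after `insecure ORB listeners.`, which no other description in this commit has; consumers that hash, deduplicate or exactly match description text will treat it as different from a trimmed copy. The value should end `...via access to insecure ORB listeners."` with no trailing escape. The JDK condition is also written in two notations in one clause (`lower than 6u211, or < 7u201, or < 8u191`), and with no affected-version data visible in the record a reader has to take it as one bound per JDK major line.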
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2023-5824",
+ "sourceIdentifier": "secalert@redhat.com",
+ "published": "2023-11-03T08:15:08.270",
+ "lastModified": "2023-11-03T08:15:08.270",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.6,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 5.8
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2023-5824",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255",
+ "source": "secalert@redhat.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5948.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5948.json
new file mode 100644
index 00000000000..2f8d49dfb81
--- /dev/null
+++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5948.json
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-5948", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-11-03T07:15:14.723", + "lastModified": "2023-11-03T07:15:14.723", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Authorization in GitHub repository teamamaze/amazefileutilities prior to 1.91." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-285" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/teamamaze/amazefileutilities/commit/62d02204d452603ab85c50d43c7c680e4256c7d7", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/ac1363b5-207b-40d9-aac5-e66d6213f692", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index f9ae09d5053..8c06e41bd7f 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-03T07:00:19.194206+00:00 +2023-11-03T09:00:59.372263+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-03T06:15:07.630000+00:00 +2023-11-03T08:15:08.270000+00:00 ``` ### Last Data Feed Release 
@@ -29,45 +29,35 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -229713 +229725 ``` ### CVEs added in the last Commit -Recently added CVEs: `24` +Recently added CVEs: `12` -* [CVE-2023-38965](CVE-2023/CVE-2023-389xx/CVE-2023-38965.json) (`2023-11-03T05:15:29.400`) -* [CVE-2023-41164](CVE-2023/CVE-2023-411xx/CVE-2023-41164.json) (`2023-11-03T05:15:29.447`) -* [CVE-2023-41259](CVE-2023/CVE-2023-412xx/CVE-2023-41259.json) (`2023-11-03T05:15:29.490`) -* [CVE-2023-41260](CVE-2023/CVE-2023-412xx/CVE-2023-41260.json) (`2023-11-03T05:15:29.537`) -* [CVE-2023-41343](CVE-2023/CVE-2023-413xx/CVE-2023-41343.json) (`2023-11-03T05:15:29.583`) -* [CVE-2023-41345](CVE-2023/CVE-2023-413xx/CVE-2023-41345.json) (`2023-11-03T05:15:29.660`) -* [CVE-2023-41346](CVE-2023/CVE-2023-413xx/CVE-2023-41346.json) (`2023-11-03T05:15:29.733`) -* [CVE-2023-41347](CVE-2023/CVE-2023-413xx/CVE-2023-41347.json) (`2023-11-03T05:15:29.800`) -* [CVE-2023-41348](CVE-2023/CVE-2023-413xx/CVE-2023-41348.json) (`2023-11-03T05:15:29.867`) -* [CVE-2023-41350](CVE-2023/CVE-2023-413xx/CVE-2023-41350.json) (`2023-11-03T05:15:29.930`) -* [CVE-2023-41914](CVE-2023/CVE-2023-419xx/CVE-2023-41914.json) (`2023-11-03T05:15:30.000`) -* [CVE-2023-43665](CVE-2023/CVE-2023-436xx/CVE-2023-43665.json) (`2023-11-03T05:15:30.047`) -* [CVE-2023-43982](CVE-2023/CVE-2023-439xx/CVE-2023-43982.json) (`2023-11-03T05:15:30.093`) -* [CVE-2023-44271](CVE-2023/CVE-2023-442xx/CVE-2023-44271.json) (`2023-11-03T05:15:30.137`) -* [CVE-2023-45024](CVE-2023/CVE-2023-450xx/CVE-2023-45024.json) (`2023-11-03T05:15:30.687`) -* [CVE-2023-45360](CVE-2023/CVE-2023-453xx/CVE-2023-45360.json) (`2023-11-03T05:15:30.730`) -* [CVE-2023-45362](CVE-2023/CVE-2023-453xx/CVE-2023-45362.json) (`2023-11-03T05:15:30.773`) -* [CVE-2023-46517](CVE-2023/CVE-2023-465xx/CVE-2023-46517.json) (`2023-11-03T05:15:30.817`) -* [CVE-2023-46817](CVE-2023/CVE-2023-468xx/CVE-2023-46817.json) 
(`2023-11-03T05:15:30.867`) -* [CVE-2023-41351](CVE-2023/CVE-2023-413xx/CVE-2023-41351.json) (`2023-11-03T06:15:07.107`) -* [CVE-2023-41352](CVE-2023/CVE-2023-413xx/CVE-2023-41352.json) (`2023-11-03T06:15:07.313`) -* [CVE-2023-41353](CVE-2023/CVE-2023-413xx/CVE-2023-41353.json) (`2023-11-03T06:15:07.417`) -* [CVE-2023-41354](CVE-2023/CVE-2023-413xx/CVE-2023-41354.json) (`2023-11-03T06:15:07.527`) -* [CVE-2023-41355](CVE-2023/CVE-2023-413xx/CVE-2023-41355.json) (`2023-11-03T06:15:07.630`) +* [CVE-2023-41344](CVE-2023/CVE-2023-413xx/CVE-2023-41344.json) (`2023-11-03T07:15:14.190`) +* [CVE-2023-41356](CVE-2023/CVE-2023-413xx/CVE-2023-41356.json) (`2023-11-03T07:15:14.403`) +* [CVE-2023-41357](CVE-2023/CVE-2023-413xx/CVE-2023-41357.json) (`2023-11-03T07:15:14.503`) +* [CVE-2023-5763](CVE-2023/CVE-2023-57xx/CVE-2023-5763.json) (`2023-11-03T07:15:14.617`) +* [CVE-2023-5948](CVE-2023/CVE-2023-59xx/CVE-2023-5948.json) (`2023-11-03T07:15:14.723`) +* [CVE-2023-1194](CVE-2023/CVE-2023-11xx/CVE-2023-1194.json) (`2023-11-03T08:15:07.490`) +* [CVE-2023-42670](CVE-2023/CVE-2023-426xx/CVE-2023-42670.json) (`2023-11-03T08:15:07.883`) +* [CVE-2023-46846](CVE-2023/CVE-2023-468xx/CVE-2023-46846.json) (`2023-11-03T08:15:07.953`) +* [CVE-2023-46847](CVE-2023/CVE-2023-468xx/CVE-2023-46847.json) (`2023-11-03T08:15:08.023`) +* [CVE-2023-46848](CVE-2023/CVE-2023-468xx/CVE-2023-46848.json) (`2023-11-03T08:15:08.117`) +* [CVE-2023-4091](CVE-2023/CVE-2023-40xx/CVE-2023-4091.json) (`2023-11-03T08:15:08.197`) +* [CVE-2023-5824](CVE-2023/CVE-2023-58xx/CVE-2023-5824.json) (`2023-11-03T08:15:08.270`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `4` -* [CVE-2022-29548](CVE-2022/CVE-2022-295xx/CVE-2022-29548.json) (`2023-11-03T05:15:29.183`) -* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-11-03T05:15:30.180`) +* [CVE-2023-41345](CVE-2023/CVE-2023-413xx/CVE-2023-41345.json) (`2023-11-03T08:15:07.590`) +* 
[CVE-2023-41346](CVE-2023/CVE-2023-413xx/CVE-2023-41346.json) (`2023-11-03T08:15:07.673`) +* [CVE-2023-41347](CVE-2023/CVE-2023-413xx/CVE-2023-41347.json) (`2023-11-03T08:15:07.737`) +* [CVE-2023-41348](CVE-2023/CVE-2023-413xx/CVE-2023-41348.json) (`2023-11-03T08:15:07.813`) ## Download and Usage