Auto-Update: 2023-11-03T09:00:59.372263+00:00

2025-06-19 17:31:42 +00:00 · 2023-11-03 09:01:02 +00:00 · 2023-11-03 09:01:02 +00:00 · d19f71d523
commit d19f71d523
parent cf3e83be8d
17 changed files with 717 additions and 39 deletions
--- a/CVE-2023/CVE-2023-11xx/CVE-2023-1194.json
+++ b/CVE-2023/CVE-2023-11xx/CVE-2023-1194.json
@ -0,0 +1,51 @@
+{
+  "id": "CVE-2023-1194",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2023-11-03T08:15:07.490",
+  "lastModified": "2023-11-03T08:15:07.490",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "secalert@redhat.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 4.2
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://access.redhat.com/security/cve/CVE-2023-1194",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154176",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://www.spinics.net/lists/stable-commits/msg303065.html",
+      "source": "secalert@redhat.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-40xx/CVE-2023-4091.json
+++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4091.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-4091",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2023-11-03T08:15:08.197",
+  "lastModified": "2023-11-03T08:15:08.197",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module \"acl_xattr\" is configured with \"acl_xattr:ignore system acls = yes\". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "secalert@redhat.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2023:6209",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/security/cve/CVE-2023-4091",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241882",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://bugzilla.samba.org/show_bug.cgi?id=15439",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://www.samba.org/samba/security/CVE-2023-4091.html",
+      "source": "secalert@redhat.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41344.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41344.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-41344",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2023-11-03T07:15:14.190",
+  "lastModified": "2023-11-03T07:15:14.190",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-22"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7507-55b28-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41345.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41345.json
@ -2,12 +2,12 @@
  "id": "CVE-2023-41345",
  "sourceIdentifier": "twcert@cert.org.tw",
  "published": "2023-11-03T05:15:29.660",
-  "lastModified": "2023-11-03T05:15:29.660",
+  "lastModified": "2023-11-03T08:15:07.590",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
-      "value": "ASUS RT-AC86U\u2019s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services."
+      "value": "ASUS RT-AX55\u2019s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services."
    }
  ],
  "metrics": {
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41346.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41346.json
@ -2,12 +2,12 @@
  "id": "CVE-2023-41346",
  "sourceIdentifier": "twcert@cert.org.tw",
  "published": "2023-11-03T05:15:29.733",
-  "lastModified": "2023-11-03T05:15:29.733",
+  "lastModified": "2023-11-03T08:15:07.673",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
-      "value": "ASUS RT-AC86U\u2019s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services."
+      "value": "ASUS RT-AX55\u2019s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services."
    }
  ],
  "metrics": {
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41347.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41347.json
@ -2,12 +2,12 @@
  "id": "CVE-2023-41347",
  "sourceIdentifier": "twcert@cert.org.tw",
  "published": "2023-11-03T05:15:29.800",
-  "lastModified": "2023-11-03T05:15:29.800",
+  "lastModified": "2023-11-03T08:15:07.737",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
-      "value": "ASUS RT-AC86U\u2019s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services."
+      "value": "ASUS RT-AX55\u2019s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services."
    }
  ],
  "metrics": {
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41348.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41348.json
@ -2,12 +2,12 @@
  "id": "CVE-2023-41348",
  "sourceIdentifier": "twcert@cert.org.tw",
  "published": "2023-11-03T05:15:29.867",
-  "lastModified": "2023-11-03T05:15:29.867",
+  "lastModified": "2023-11-03T08:15:07.813",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
-      "value": "ASUS RT-AC86U\u2019s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services."
+      "value": "ASUS RT-AX55\u2019s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services."
    }
  ],
  "metrics": {
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41356.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41356.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-41356",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2023-11-03T07:15:14.403",
+  "lastModified": "2023-11-03T07:15:14.403",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-639"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7506-b4e29-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-413xx/CVE-2023-41357.json
+++ b/CVE-2023/CVE-2023-413xx/CVE-2023-41357.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-41357",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2023-11-03T07:15:14.503",
+  "lastModified": "2023-11-03T07:15:14.503",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operations or disrupt service."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-434"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7508-6d1ef-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-426xx/CVE-2023-42670.json
+++ b/CVE-2023/CVE-2023-426xx/CVE-2023-42670.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-42670",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2023-11-03T08:15:07.883",
+  "lastModified": "2023-11-03T08:15:07.883",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for example, NT4-emulation \"classic DCs\") can erroneously start and compete for the same unix domain sockets. This issue leads to partial query responses from the AD DC, causing issues such as \"The procedure number is out of range\" when using tools like Active Directory Users. This flaw allows an attacker to disrupt AD DC services."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "secalert@redhat.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://access.redhat.com/security/cve/CVE-2023-42670",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241885",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://bugzilla.samba.org/show_bug.cgi?id=15473",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://www.samba.org/samba/security/CVE-2023-42670.html",
+      "source": "secalert@redhat.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-468xx/CVE-2023-46846.json
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46846.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2023-46846",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2023-11-03T08:15:07.953",
+  "lastModified": "2023-11-03T08:15:07.953",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "secalert@redhat.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 9.3,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 4.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2023:6266",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2023:6267",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2023:6268",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/security/cve/CVE-2023-46846",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245910",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh",
+      "source": "secalert@redhat.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-468xx/CVE-2023-46847.json
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46847.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2023-46847",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2023-11-03T08:15:08.023",
+  "lastModified": "2023-11-03T08:15:08.023",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Squid is vulnerable to a Denial of Service,  where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "secalert@redhat.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.9,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.3
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2023:6266",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2023:6267",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2023:6268",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/security/cve/CVE-2023-46847",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245916",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g",
+      "source": "secalert@redhat.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-468xx/CVE-2023-46848.json
+++ b/CVE-2023/CVE-2023-468xx/CVE-2023-46848.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-46848",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2023-11-03T08:15:08.117",
+  "lastModified": "2023-11-03T08:15:08.117",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Squid is vulnerable to Denial of Service,  where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "secalert@redhat.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.6,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 4.0
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2023:6266",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2023:6268",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/security/cve/CVE-2023-46848",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245919",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w",
+      "source": "secalert@redhat.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-57xx/CVE-2023-5763.json
+++ b/CVE-2023/CVE-2023-57xx/CVE-2023-5763.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2023-5763",
+  "sourceIdentifier": "emo@eclipse.org",
+  "published": "2023-11-03T07:15:14.617",
+  "lastModified": "2023-11-03T07:15:14.617",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "emo@eclipse.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.8,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.6,
+        "impactScore": 5.2
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "emo@eclipse.org",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-20"
+        },
+        {
+          "lang": "en",
+          "value": "CWE-913"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/14",
+      "source": "emo@eclipse.org"
+    },
+    {
+      "url": "https://glassfish.org/docs/latest/security-guide.html#securing-glassfish-server",
+      "source": "emo@eclipse.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-58xx/CVE-2023-5824.json
+++ b/CVE-2023/CVE-2023-58xx/CVE-2023-5824.json
@ -0,0 +1,51 @@
+{
+  "id": "CVE-2023-5824",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2023-11-03T08:15:08.270",
+  "lastModified": "2023-11-03T08:15:08.270",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "secalert@redhat.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.6,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 5.8
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://access.redhat.com/security/cve/CVE-2023-5824",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255",
+      "source": "secalert@redhat.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-59xx/CVE-2023-5948.json
+++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5948.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-5948",
+  "sourceIdentifier": "security@huntr.dev",
+  "published": "2023-11-03T07:15:14.723",
+  "lastModified": "2023-11-03T07:15:14.723",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Authorization in GitHub repository teamamaze/amazefileutilities prior to 1.91."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "security@huntr.dev",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 8.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.8
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@huntr.dev",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-285"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/teamamaze/amazefileutilities/commit/62d02204d452603ab85c50d43c7c680e4256c7d7",
+      "source": "security@huntr.dev"
+    },
+    {
+      "url": "https://huntr.com/bounties/ac1363b5-207b-40d9-aac5-e66d6213f692",
+      "source": "security@huntr.dev"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-11-03T07:00:19.194206+00:00
+2023-11-03T09:00:59.372263+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-11-03T06:15:07.630000+00:00
+2023-11-03T08:15:08.270000+00:00
 ```

 ### Last Data Feed Release
@ -29,45 +29,35 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-229713
+229725
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `24`
+Recently added CVEs: `12`

-* [CVE-2023-38965](CVE-2023/CVE-2023-389xx/CVE-2023-38965.json) (`2023-11-03T05:15:29.400`)
-* [CVE-2023-41164](CVE-2023/CVE-2023-411xx/CVE-2023-41164.json) (`2023-11-03T05:15:29.447`)
-* [CVE-2023-41259](CVE-2023/CVE-2023-412xx/CVE-2023-41259.json) (`2023-11-03T05:15:29.490`)
-* [CVE-2023-41260](CVE-2023/CVE-2023-412xx/CVE-2023-41260.json) (`2023-11-03T05:15:29.537`)
-* [CVE-2023-41343](CVE-2023/CVE-2023-413xx/CVE-2023-41343.json) (`2023-11-03T05:15:29.583`)
-* [CVE-2023-41345](CVE-2023/CVE-2023-413xx/CVE-2023-41345.json) (`2023-11-03T05:15:29.660`)
-* [CVE-2023-41346](CVE-2023/CVE-2023-413xx/CVE-2023-41346.json) (`2023-11-03T05:15:29.733`)
-* [CVE-2023-41347](CVE-2023/CVE-2023-413xx/CVE-2023-41347.json) (`2023-11-03T05:15:29.800`)
-* [CVE-2023-41348](CVE-2023/CVE-2023-413xx/CVE-2023-41348.json) (`2023-11-03T05:15:29.867`)
-* [CVE-2023-41350](CVE-2023/CVE-2023-413xx/CVE-2023-41350.json) (`2023-11-03T05:15:29.930`)
-* [CVE-2023-41914](CVE-2023/CVE-2023-419xx/CVE-2023-41914.json) (`2023-11-03T05:15:30.000`)
-* [CVE-2023-43665](CVE-2023/CVE-2023-436xx/CVE-2023-43665.json) (`2023-11-03T05:15:30.047`)
-* [CVE-2023-43982](CVE-2023/CVE-2023-439xx/CVE-2023-43982.json) (`2023-11-03T05:15:30.093`)
-* [CVE-2023-44271](CVE-2023/CVE-2023-442xx/CVE-2023-44271.json) (`2023-11-03T05:15:30.137`)
-* [CVE-2023-45024](CVE-2023/CVE-2023-450xx/CVE-2023-45024.json) (`2023-11-03T05:15:30.687`)
-* [CVE-2023-45360](CVE-2023/CVE-2023-453xx/CVE-2023-45360.json) (`2023-11-03T05:15:30.730`)
-* [CVE-2023-45362](CVE-2023/CVE-2023-453xx/CVE-2023-45362.json) (`2023-11-03T05:15:30.773`)
-* [CVE-2023-46517](CVE-2023/CVE-2023-465xx/CVE-2023-46517.json) (`2023-11-03T05:15:30.817`)
-* [CVE-2023-46817](CVE-2023/CVE-2023-468xx/CVE-2023-46817.json) (`2023-11-03T05:15:30.867`)
-* [CVE-2023-41351](CVE-2023/CVE-2023-413xx/CVE-2023-41351.json) (`2023-11-03T06:15:07.107`)
-* [CVE-2023-41352](CVE-2023/CVE-2023-413xx/CVE-2023-41352.json) (`2023-11-03T06:15:07.313`)
-* [CVE-2023-41353](CVE-2023/CVE-2023-413xx/CVE-2023-41353.json) (`2023-11-03T06:15:07.417`)
-* [CVE-2023-41354](CVE-2023/CVE-2023-413xx/CVE-2023-41354.json) (`2023-11-03T06:15:07.527`)
-* [CVE-2023-41355](CVE-2023/CVE-2023-413xx/CVE-2023-41355.json) (`2023-11-03T06:15:07.630`)
+* [CVE-2023-41344](CVE-2023/CVE-2023-413xx/CVE-2023-41344.json) (`2023-11-03T07:15:14.190`)
+* [CVE-2023-41356](CVE-2023/CVE-2023-413xx/CVE-2023-41356.json) (`2023-11-03T07:15:14.403`)
+* [CVE-2023-41357](CVE-2023/CVE-2023-413xx/CVE-2023-41357.json) (`2023-11-03T07:15:14.503`)
+* [CVE-2023-5763](CVE-2023/CVE-2023-57xx/CVE-2023-5763.json) (`2023-11-03T07:15:14.617`)
+* [CVE-2023-5948](CVE-2023/CVE-2023-59xx/CVE-2023-5948.json) (`2023-11-03T07:15:14.723`)
+* [CVE-2023-1194](CVE-2023/CVE-2023-11xx/CVE-2023-1194.json) (`2023-11-03T08:15:07.490`)
+* [CVE-2023-42670](CVE-2023/CVE-2023-426xx/CVE-2023-42670.json) (`2023-11-03T08:15:07.883`)
+* [CVE-2023-46846](CVE-2023/CVE-2023-468xx/CVE-2023-46846.json) (`2023-11-03T08:15:07.953`)
+* [CVE-2023-46847](CVE-2023/CVE-2023-468xx/CVE-2023-46847.json) (`2023-11-03T08:15:08.023`)
+* [CVE-2023-46848](CVE-2023/CVE-2023-468xx/CVE-2023-46848.json) (`2023-11-03T08:15:08.117`)
+* [CVE-2023-4091](CVE-2023/CVE-2023-40xx/CVE-2023-4091.json) (`2023-11-03T08:15:08.197`)
+* [CVE-2023-5824](CVE-2023/CVE-2023-58xx/CVE-2023-5824.json) (`2023-11-03T08:15:08.270`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `2`
+Recently modified CVEs: `4`

-* [CVE-2022-29548](CVE-2022/CVE-2022-295xx/CVE-2022-29548.json) (`2023-11-03T05:15:29.183`)
-* [CVE-2023-44487](CVE-2023/CVE-2023-444xx/CVE-2023-44487.json) (`2023-11-03T05:15:30.180`)
+* [CVE-2023-41345](CVE-2023/CVE-2023-413xx/CVE-2023-41345.json) (`2023-11-03T08:15:07.590`)
+* [CVE-2023-41346](CVE-2023/CVE-2023-413xx/CVE-2023-41346.json) (`2023-11-03T08:15:07.673`)
+* [CVE-2023-41347](CVE-2023/CVE-2023-413xx/CVE-2023-41347.json) (`2023-11-03T08:15:07.737`)
+* [CVE-2023-41348](CVE-2023/CVE-2023-413xx/CVE-2023-41348.json) (`2023-11-03T08:15:07.813`)


 ## Download and Usage