Auto-Update: 2023-09-25T23:55:25.394937+00:00

CVE-2018/CVE-2018-122xx/CVE-2018-12207.json

@@ -2,7 +2,7 @@
   "id": "CVE-2018-12207",
   "sourceIdentifier": "secure@intel.com",
   "published": "2019-11-14T20:15:11.133",
-  "lastModified": "2022-11-11T02:37:49.580",
+  "lastModified": "2023-09-25T22:11:08.627",
   "vulnStatus": "Analyzed",
   "descriptions": [
     {
@@ -6630,8 +6630,8 @@
           "cpeMatch": [
             {
               "vulnerable": false,
-              "criteria": "cpe:2.3:h:intel:xeon_gold_6240l_:-:*:*:*:*:*:*:*",
-              "matchCriteriaId": "56FBF2B9-7703-4636-A260-F8C0A98FE34D"
+              "criteria": "cpe:2.3:h:intel:xeon_gold_6240l:-:*:*:*:*:*:*:*",
+              "matchCriteriaId": "02BCB7D2-4B68-4FF8-BFC9-06C39A708C62"
             }
           ]
         }
@@ -20516,7 +20516,6 @@
       ]
     },
     {
-      "operator": "AND",
       "nodes": [
         {
           "operator": "OR",
@@ -20532,7 +20531,6 @@
       ]
     },
     {
-      "operator": "AND",
       "nodes": [
         {
           "operator": "OR",
@@ -20548,7 +20546,6 @@
       ]
     },
     {
-      "operator": "AND",
       "nodes": [
         {
           "operator": "OR",
@@ -20569,7 +20566,6 @@
       ]
     },
     {
-      "operator": "AND",
       "nodes": [
         {
           "operator": "OR",
@@ -20585,7 +20581,6 @@
       ]
     },
     {
-      "operator": "AND",
       "nodes": [
         {
           "operator": "OR",
@@ -21005,7 +21000,6 @@
       ]
     },
     {
-      "operator": "AND",
       "nodes": [
         {
           "operator": "OR",
@@ -21066,7 +21060,6 @@
       ]
     },
     {
-      "operator": "AND",
       "nodes": [
         {
           "operator": "OR",

CVE-2021/CVE-2021-454xx/CVE-2021-45462.json

@@ -2,8 +2,8 @@
   "id": "CVE-2021-45462",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2021-12-23T04:15:09.573",
-  "lastModified": "2022-01-04T19:33:30.017",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-09-25T22:15:09.793",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
@@ -90,7 +90,7 @@
       "description": [
         {
           "lang": "en",
-          "value": "CWE-20"
+          "value": "CWE-1284"
         }
       ]
     }
@@ -120,6 +120,10 @@
         "Patch",
         "Third Party Advisory"
       ]
+    },
+    {
+      "url": "https://www.trendmicro.com/en_us/research/23/i/attacks-on-5g-infrastructure-from-users-devices.html",
+      "source": "cve@mitre.org"
     }
   ]
 }

CVE-2023/CVE-2023-383xx/CVE-2023-38353.json

@@ -2,12 +2,12 @@
   "id": "CVE-2023-38353",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2023-09-19T16:15:11.427",
-  "lastModified": "2023-09-22T16:39:17.900",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-09-25T22:15:10.510",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "MiniTool Power Data Recovery 11.5 contains an insecure in-app payment system that allows attackers to steal highly sensitive information through a man in the middle attack."
+      "value": "MiniTool Power Data Recovery version 11.6 and before contains an insecure in-app payment system that allows attackers to steal highly sensitive information through a man in the middle attack."
     },
     {
       "lang": "es",

CVE-2023/CVE-2023-383xx/CVE-2023-38354.json

@@ -2,12 +2,12 @@
   "id": "CVE-2023-38354",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2023-09-19T16:15:11.737",
-  "lastModified": "2023-09-22T16:44:46.093",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-09-25T22:15:10.687",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "MiniTool Movie Maker 4.1 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack."
+      "value": "MiniTool Shadow Maker version 4.1 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack."
     },
     {
       "lang": "es",

CVE-2023/CVE-2023-389xx/CVE-2023-38907.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-38907",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-09-25T23:15:09.543",
+  "lastModified": "2023-09-25T23:15:09.543",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via session key in the message function."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://arxiv.org/abs/2308.09019",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.scitepress.org/PublicationsDetail.aspx?ID=X/auBv7JrSo=&t=1",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-424xx/CVE-2023-42464.json

@@ -2,8 +2,8 @@
   "id": "CVE-2023-42464",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2023-09-20T15:15:11.817",
-  "lastModified": "2023-09-22T18:33:38.487",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-09-25T23:15:10.243",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
@@ -94,6 +94,10 @@
         "Vendor Advisory"
       ]
     },
+    {
+      "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00031.html",
+      "source": "cve@mitre.org"
+    },
     {
       "url": "https://netatalk.sourceforge.io/",
       "source": "cve@mitre.org",

CVE-2023/CVE-2023-42xx/CVE-2023-4258.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-4258",
+  "sourceIdentifier": "vulnerabilities@zephyrproject.org",
+  "published": "2023-09-25T22:15:11.137",
+  "lastModified": "2023-09-25T22:15:11.137",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "vulnerabilities@zephyrproject.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 8.6,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 4.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "vulnerabilities@zephyrproject.org",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-684"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-m34c-cp63-rwh7",
+      "source": "vulnerabilities@zephyrproject.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-432xx/CVE-2023-43278.json

@@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-43278",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-09-25T23:15:10.703",
+  "lastModified": "2023-09-25T23:15:10.703",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "http://seacms.com",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://blog.csdn.net/sugaryzheng/article/details/133283101?spm=1001.2014.3001.5501",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.seacms.net/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-433xx/CVE-2023-43326.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-43326",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-09-25T22:15:10.943",
+  "lastModified": "2023-09-25T22:15:10.943",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "mooSocial v3.1.8 was discovered to contain a cross-site scripting (XSS) vulnerability via the change email function."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/ahrixia/CVE-2023-43326",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://moosocial.com/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-09-25T22:00:24.509244+00:00
+2023-09-25T23:55:25.394937+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-09-25T21:15:16.667000+00:00
+2023-09-25T23:15:10.703000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,37 +29,28 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-226166
+226170
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `12`
+Recently added CVEs: `4`
 
-* [CVE-2022-4137](CVE-2022/CVE-2022-41xx/CVE-2022-4137.json) (`2023-09-25T20:15:09.897`)
-* [CVE-2022-4244](CVE-2022/CVE-2022-42xx/CVE-2022-4244.json) (`2023-09-25T20:15:10.220`)
-* [CVE-2022-4245](CVE-2022/CVE-2022-42xx/CVE-2022-4245.json) (`2023-09-25T20:15:10.400`)
-* [CVE-2022-4318](CVE-2022/CVE-2022-43xx/CVE-2022-4318.json) (`2023-09-25T20:15:10.590`)
-* [CVE-2023-43458](CVE-2023/CVE-2023-434xx/CVE-2023-43458.json) (`2023-09-25T20:15:11.557`)
-* [CVE-2023-43642](CVE-2023/CVE-2023-436xx/CVE-2023-43642.json) (`2023-09-25T20:15:11.723`)
-* [CVE-2023-43644](CVE-2023/CVE-2023-436xx/CVE-2023-43644.json) (`2023-09-25T20:15:11.977`)
-* [CVE-2023-42426](CVE-2023/CVE-2023-424xx/CVE-2023-42426.json) (`2023-09-25T21:15:15.640`)
-* [CVE-2023-42753](CVE-2023/CVE-2023-427xx/CVE-2023-42753.json) (`2023-09-25T21:15:15.923`)
-* [CVE-2023-43132](CVE-2023/CVE-2023-431xx/CVE-2023-43132.json) (`2023-09-25T21:15:16.250`)
-* [CVE-2023-43457](CVE-2023/CVE-2023-434xx/CVE-2023-43457.json) (`2023-09-25T21:15:16.457`)
-* [CVE-2023-5129](CVE-2023/CVE-2023-51xx/CVE-2023-5129.json) (`2023-09-25T21:15:16.667`)
+* [CVE-2023-43326](CVE-2023/CVE-2023-433xx/CVE-2023-43326.json) (`2023-09-25T22:15:10.943`)
+* [CVE-2023-4258](CVE-2023/CVE-2023-42xx/CVE-2023-4258.json) (`2023-09-25T22:15:11.137`)
+* [CVE-2023-38907](CVE-2023/CVE-2023-389xx/CVE-2023-38907.json) (`2023-09-25T23:15:09.543`)
+* [CVE-2023-43278](CVE-2023/CVE-2023-432xx/CVE-2023-43278.json) (`2023-09-25T23:15:10.703`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `6`
+Recently modified CVEs: `5`
 
-* [CVE-2023-29499](CVE-2023/CVE-2023-294xx/CVE-2023-29499.json) (`2023-09-25T20:15:10.757`)
-* [CVE-2023-32611](CVE-2023/CVE-2023-326xx/CVE-2023-32611.json) (`2023-09-25T20:15:11.170`)
-* [CVE-2023-32665](CVE-2023/CVE-2023-326xx/CVE-2023-32665.json) (`2023-09-25T20:15:11.353`)
-* [CVE-2023-20588](CVE-2023/CVE-2023-205xx/CVE-2023-20588.json) (`2023-09-25T21:15:13.027`)
-* [CVE-2023-20593](CVE-2023/CVE-2023-205xx/CVE-2023-20593.json) (`2023-09-25T21:15:13.997`)
-* [CVE-2023-31445](CVE-2023/CVE-2023-314xx/CVE-2023-31445.json) (`2023-09-25T21:15:14.983`)
+* [CVE-2018-12207](CVE-2018/CVE-2018-122xx/CVE-2018-12207.json) (`2023-09-25T22:11:08.627`)
+* [CVE-2021-45462](CVE-2021/CVE-2021-454xx/CVE-2021-45462.json) (`2023-09-25T22:15:09.793`)
+* [CVE-2023-38353](CVE-2023/CVE-2023-383xx/CVE-2023-38353.json) (`2023-09-25T22:15:10.510`)
+* [CVE-2023-38354](CVE-2023/CVE-2023-383xx/CVE-2023-38354.json) (`2023-09-25T22:15:10.687`)
+* [CVE-2023-42464](CVE-2023/CVE-2023-424xx/CVE-2023-42464.json) (`2023-09-25T23:15:10.243`)
 
 
 ## Download and Usage