Auto-Update: 2024-01-16T13:00:24.754103+00:00

2025-07-09 16:05:11 +00:00 · 2024-01-16 13:00:28 +00:00 · 2024-01-16 13:00:28 +00:00 · d9712f5546
commit d9712f5546
parent 53ea5789a0
6 changed files with 261 additions and 27 deletions
--- a/CVE-2023/CVE-2023-60xx/CVE-2023-6004.json
+++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6004.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-6004",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2024-01-03T17:15:11.623",
-  "lastModified": "2024-01-11T19:18:22.313",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-01-16T12:15:45.247",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
@ -41,7 +41,7 @@
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
-          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
@ -49,12 +49,12 @@
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
-          "availabilityImpact": "NONE",
-          "baseScore": 3.9,
-          "baseSeverity": "LOW"
+          "availabilityImpact": "HIGH",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.3,
-        "impactScore": 2.5
+        "impactScore": 4.7
      }
    ]
  },
--- a/CVE-2024/CVE-2024-05xx/CVE-2024-0553.json
+++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0553.json
@ -0,0 +1,67 @@
+{
+  "id": "CVE-2024-0553",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2024-01-16T12:15:45.557",
+  "lastModified": "2024-01-16T12:15:45.557",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "secalert@redhat.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.9,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.2,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "secalert@redhat.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-203"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://access.redhat.com/security/cve/CVE-2024-0553",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258412",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://gitlab.com/gnutls/gnutls/-/issues/1522",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html",
+      "source": "secalert@redhat.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-05xx/CVE-2024-0554.json
+++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0554.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-0554",
+  "sourceIdentifier": "cve-coordination@incibe.es",
+  "published": "2024-01-16T11:15:07.933",
+  "lastModified": "2024-01-16T11:15:07.933",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A Cross-site scripting (XSS) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could store a malicious javascript payload in the device model parameter via '/setup/diags_ir_learn.asp', allowing the attacker to retrieve the session details of another user."
+    },
+    {
+      "lang": "es",
+      "value": "Se ha encontrado una vulnerabilidad de Cross-site scripting (XSS) en WIC1200, que afecta a la versi\u00f3n 1.1. Un usuario autenticado podr\u00eda almacenar un payload de JavaScript malicioso en el par\u00e1metro device model a trav\u00e9s de '/setup/diags_ir_learn.asp', lo que permitir\u00eda al atacante recuperar los detalles de la sesi\u00f3n de otro usuario."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve-coordination@incibe.es",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 5.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 3.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve-coordination@incibe.es",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200",
+      "source": "cve-coordination@incibe.es"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-05xx/CVE-2024-0555.json
+++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0555.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-0555",
+  "sourceIdentifier": "cve-coordination@incibe.es",
+  "published": "2024-01-16T11:15:08.493",
+  "lastModified": "2024-01-16T11:15:08.493",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A Cross-Site Request Forgery (CSRF) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could lead another user into executing unwanted actions inside the application they are logged in. This vulnerability is possible due to the lack of propper CSRF token implementation."
+    },
+    {
+      "lang": "es",
+      "value": "Se ha encontrado una vulnerabilidad de Cross-Site Request Forgery (CSRF) en WIC1200, que afecta a la versi\u00f3n 1.1. Un usuario autenticado podr\u00eda llevar a otro usuario a ejecutar acciones no deseadas dentro de la aplicaci\u00f3n en la que inici\u00f3 sesi\u00f3n. Esta vulnerabilidad es posible debido a la falta de una implementaci\u00f3n adecuada del token CSRF."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve-coordination@incibe.es",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 4.6,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve-coordination@incibe.es",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200",
+      "source": "cve-coordination@incibe.es"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-05xx/CVE-2024-0556.json
+++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0556.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-0556",
+  "sourceIdentifier": "cve-coordination@incibe.es",
+  "published": "2024-01-16T11:15:08.700",
+  "lastModified": "2024-01-16T11:15:08.700",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A Weak Cryptography for Passwords vulnerability has been detected on WIC200 affecting version 1.1. This vulnerability allows a remote user to intercept the traffic and retrieve the credentials from another user and decode it in base64 allowing the attacker to see the credentials in plain text."
+    },
+    {
+      "lang": "es",
+      "value": "Se ha detectado una vulnerabilidad de criptograf\u00eda d\u00e9bil para contrase\u00f1as en WIC200 que afecta a la versi\u00f3n 1.1. Esta vulnerabilidad permite a un usuario remoto interceptar el tr\u00e1fico y recuperar las credenciales de otro usuario y decodificarlas en base64, lo que permite al atacante ver las credenciales en texto plano."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve-coordination@incibe.es",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 4.2
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve-coordination@incibe.es",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-261"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200",
+      "source": "cve-coordination@incibe.es"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-01-16T11:00:24.934079+00:00
+2024-01-16T13:00:24.754103+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-01-16T10:15:07.933000+00:00
+2024-01-16T12:15:45.557000+00:00
 ```

 ### Last Data Feed Release
@ -29,34 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-235979
+235983
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `15`
+Recently added CVEs: `4`

-* [CVE-2023-52098](CVE-2023/CVE-2023-520xx/CVE-2023-52098.json) (`2024-01-16T09:15:07.610`)
-* [CVE-2023-52107](CVE-2023/CVE-2023-521xx/CVE-2023-52107.json) (`2024-01-16T09:15:07.750`)
-* [CVE-2023-52108](CVE-2023/CVE-2023-521xx/CVE-2023-52108.json) (`2024-01-16T09:15:07.840`)
-* [CVE-2023-52114](CVE-2023/CVE-2023-521xx/CVE-2023-52114.json) (`2024-01-16T09:15:07.883`)
-* [CVE-2023-52115](CVE-2023/CVE-2023-521xx/CVE-2023-52115.json) (`2024-01-16T09:15:07.933`)
-* [CVE-2023-52116](CVE-2023/CVE-2023-521xx/CVE-2023-52116.json) (`2024-01-16T09:15:08.017`)
-* [CVE-2023-34063](CVE-2023/CVE-2023-340xx/CVE-2023-34063.json) (`2024-01-16T10:15:07.347`)
-* [CVE-2023-52099](CVE-2023/CVE-2023-520xx/CVE-2023-52099.json) (`2024-01-16T10:15:07.553`)
-* [CVE-2023-52100](CVE-2023/CVE-2023-521xx/CVE-2023-52100.json) (`2024-01-16T10:15:07.600`)
-* [CVE-2023-52101](CVE-2023/CVE-2023-521xx/CVE-2023-52101.json) (`2024-01-16T10:15:07.650`)
-* [CVE-2023-52102](CVE-2023/CVE-2023-521xx/CVE-2023-52102.json) (`2024-01-16T10:15:07.693`)
-* [CVE-2023-52103](CVE-2023/CVE-2023-521xx/CVE-2023-52103.json) (`2024-01-16T10:15:07.743`)
-* [CVE-2023-52104](CVE-2023/CVE-2023-521xx/CVE-2023-52104.json) (`2024-01-16T10:15:07.830`)
-* [CVE-2023-52105](CVE-2023/CVE-2023-521xx/CVE-2023-52105.json) (`2024-01-16T10:15:07.880`)
-* [CVE-2023-52106](CVE-2023/CVE-2023-521xx/CVE-2023-52106.json) (`2024-01-16T10:15:07.933`)
+* [CVE-2024-0554](CVE-2024/CVE-2024-05xx/CVE-2024-0554.json) (`2024-01-16T11:15:07.933`)
+* [CVE-2024-0555](CVE-2024/CVE-2024-05xx/CVE-2024-0555.json) (`2024-01-16T11:15:08.493`)
+* [CVE-2024-0556](CVE-2024/CVE-2024-05xx/CVE-2024-0556.json) (`2024-01-16T11:15:08.700`)
+* [CVE-2024-0553](CVE-2024/CVE-2024-05xx/CVE-2024-0553.json) (`2024-01-16T12:15:45.557`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `0`
+Recently modified CVEs: `1`

+* [CVE-2023-6004](CVE-2023/CVE-2023-60xx/CVE-2023-6004.json) (`2024-01-16T12:15:45.247`)


 ## Download and Usage