Auto-Update: 2023-12-06T09:00:58.781466+00:00

CVE-2023/CVE-2023-284xx/CVE-2023-28472.json

@@ -2,12 +2,12 @@
   "id": "CVE-2023-28472",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2023-04-28T14:15:10.407",
-  "lastModified": "2023-05-05T14:51:21.107",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-12-06T08:15:06.833",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "Concrete CMS (previously concrete5) before 9.2 does not have Secure and HTTP only attributes set for ccmPoll cookies."
+      "value": "Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies."
     }
   ],
   "metrics": {
@@ -72,6 +72,10 @@
         "Product"
       ]
     },
+    {
+      "url": "https://www.concretecms.org/about/project-news/security/2023-11-09-security-blog-about-updated-cves-and-new-release",
+      "source": "cve@mitre.org"
+    },
     {
       "url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20",
       "source": "cve@mitre.org",

CVE-2023/CVE-2023-28xx/CVE-2023-2861.json

@@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-2861",
+  "sourceIdentifier": "patrick@puiterwijk.org",
+  "published": "2023-12-06T07:15:41.430",
+  "lastModified": "2023-12-06T07:15:41.430",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "patrick@puiterwijk.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.0,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 0.8,
+        "impactScore": 5.2
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "patrick@puiterwijk.org",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-284"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://access.redhat.com/security/cve/CVE-2023-2861",
+      "source": "patrick@puiterwijk.org"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219266",
+      "source": "patrick@puiterwijk.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-488xx/CVE-2023-48849.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-48849",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-12-06T08:15:07.107",
+  "lastModified": "2023-12-06T08:15:07.107",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to remotely execute arbitrary code due to incorrect filtering."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/delsploit/CVE-2023-48849",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-498xx/CVE-2023-49897.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-49897",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2023-12-06T07:15:41.883",
+  "lastModified": "2023-12-06T07:15:41.883",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/vu/JVNVU92152057/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.fxc.jp/news/20231206",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-12-06T07:00:18.214519+00:00
+2023-12-06T09:00:58.781466+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-12-06T05:15:10.750000+00:00
+2023-12-06T08:15:07.107000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,24 +29,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-232386
+232389
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `5`
+Recently added CVEs: `3`
 
-* [CVE-2023-22522](CVE-2023/CVE-2023-225xx/CVE-2023-22522.json) (`2023-12-06T05:15:09.587`)
-* [CVE-2023-22523](CVE-2023/CVE-2023-225xx/CVE-2023-22523.json) (`2023-12-06T05:15:10.087`)
-* [CVE-2023-22524](CVE-2023/CVE-2023-225xx/CVE-2023-22524.json) (`2023-12-06T05:15:10.267`)
-* [CVE-2023-26154](CVE-2023/CVE-2023-261xx/CVE-2023-26154.json) (`2023-12-06T05:15:10.437`)
-* [CVE-2023-6527](CVE-2023/CVE-2023-65xx/CVE-2023-6527.json) (`2023-12-06T05:15:10.750`)
+* [CVE-2023-2861](CVE-2023/CVE-2023-28xx/CVE-2023-2861.json) (`2023-12-06T07:15:41.430`)
+* [CVE-2023-49897](CVE-2023/CVE-2023-498xx/CVE-2023-49897.json) (`2023-12-06T07:15:41.883`)
+* [CVE-2023-48849](CVE-2023/CVE-2023-488xx/CVE-2023-48849.json) (`2023-12-06T08:15:07.107`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `0`
+Recently modified CVEs: `1`
 
+* [CVE-2023-28472](CVE-2023/CVE-2023-284xx/CVE-2023-28472.json) (`2023-12-06T08:15:06.833`)
 
 
 ## Download and Usage