diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3823.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3823.json new file mode 100644 index 00000000000..d8de4890dbd --- /dev/null +++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3823.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-3823", + "sourceIdentifier": "security@php.net", + "published": "2023-08-11T06:15:09.283", + "lastModified": "2023-08-11T06:15:09.283", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as\u00a0ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down.\u00a0\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@php.net", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "references": [ + { + "url": "https://github.com/php/php-src/security/advisories/GHSA-3qrf-m4j2-pcrr", + "source": "security@php.net" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3824.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3824.json new file mode 100644 index 00000000000..17f9d601702 --- /dev/null +++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3824.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-3824", + "sourceIdentifier": "security@php.net", + "published": "2023-08-11T06:15:10.560", + "lastModified": "2023-08-11T06:15:10.560", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In PHP version 8.0.* before 8.0.30,\u00a0 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.\u00a0\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@php.net", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 9.4, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "security@php.net", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv", + "source": "security@php.net" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-402xx/CVE-2023-40253.json b/CVE-2023/CVE-2023-402xx/CVE-2023-40253.json new file mode 100644 index 00000000000..d176bd3f1ff --- /dev/null +++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40253.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-40253", + "sourceIdentifier": "vuln@krcert.or.kr", + "published": "2023-08-11T06:15:10.673", + "lastModified": "2023-08-11T06:15:10.673", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Functionality Misuse.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vuln@krcert.or.kr", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "vuln@krcert.or.kr", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://www.genians.co.kr/notice/2023", + "source": "vuln@krcert.or.kr" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-402xx/CVE-2023-40254.json b/CVE-2023/CVE-2023-402xx/CVE-2023-40254.json new file mode 100644 index 00000000000..62825631695 --- /dev/null +++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40254.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-40254", + "sourceIdentifier": "vuln@krcert.or.kr", + "published": "2023-08-11T07:15:09.423", + "lastModified": "2023-08-11T07:15:09.423", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vuln@krcert.or.kr", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.5, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "vuln@krcert.or.kr", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-494" + } + ] + } + ], + "references": [ + { + "url": "https://www.genians.co.kr/notice/2023", + "source": "vuln@krcert.or.kr" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-402xx/CVE-2023-40260.json b/CVE-2023/CVE-2023-402xx/CVE-2023-40260.json new file mode 100644 index 00000000000..28f2f60f567 --- /dev/null +++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40260.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-40260", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-11T06:15:10.787", + "lastModified": "2023-08-11T06:15:10.787", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email address (which may be attacker-controlled). NOTE: this is different from CVE-2023-4177, which claims to be about \"some unknown processing of the component Multi-Factor Authentication Code Handler\" and thus cannot be correlated with other vulnerability information." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://seclists.org/fulldisclosure/2023/Aug/3", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-402xx/CVE-2023-40267.json b/CVE-2023/CVE-2023-402xx/CVE-2023-40267.json new file mode 100644 index 00000000000..1dee8264281 --- /dev/null +++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40267.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-40267", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-08-11T07:15:09.647", + "lastModified": "2023-08-11T07:15:09.647", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/gitpython-developers/GitPython/commit/ca965ecc81853bca7675261729143f54e5bf4cdd", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/gitpython-developers/GitPython/pull/1609", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4105.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4105.json new file mode 100644 index 00000000000..8d8b846dfce --- /dev/null +++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4105.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-4105", + "sourceIdentifier": "responsibledisclosure@mattermost.com", + "published": "2023-08-11T07:15:09.740", + "lastModified": "2023-08-11T07:15:09.740", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Mattermost fails to delete the attachments when deleting a message in a thread allowing a simple user to still be able to access and download the attachment of a deleted message\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "responsibledisclosure@mattermost.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.6, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "responsibledisclosure@mattermost.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://mattermost.com/security-updates", + "source": "responsibledisclosure@mattermost.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4106.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4106.json new file mode 100644 index 00000000000..2b2c6ca4ed7 --- /dev/null +++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4106.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-4106", + "sourceIdentifier": "responsibledisclosure@mattermost.com", + "published": "2023-08-11T07:15:09.853", + "lastModified": "2023-08-11T07:15:09.853", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting a guest being able to\u00a0view, join, edit, export and archive public playbooks.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "responsibledisclosure@mattermost.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "responsibledisclosure@mattermost.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://mattermost.com/security-updates", + "source": "responsibledisclosure@mattermost.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4107.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4107.json new file mode 100644 index 00000000000..0120b40cc5d --- /dev/null +++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4107.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-4107", + "sourceIdentifier": "responsibledisclosure@mattermost.com", + "published": "2023-08-11T07:15:09.963", + "lastModified": "2023-08-11T07:15:09.963", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "responsibledisclosure@mattermost.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "responsibledisclosure@mattermost.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "references": [ + { + "url": "https://mattermost.com/security-updates", + "source": "responsibledisclosure@mattermost.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-41xx/CVE-2023-4108.json b/CVE-2023/CVE-2023-41xx/CVE-2023-4108.json new file mode 100644 index 00000000000..093b6df3bff --- /dev/null +++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4108.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-4108", + "sourceIdentifier": "responsibledisclosure@mattermost.com", + "published": "2023-08-11T07:15:10.070", + "lastModified": "2023-08-11T07:15:10.070", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Mattermost fails to sanitize post metadata during audit logging resulting in permalinks contents being logged\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "responsibledisclosure@mattermost.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "responsibledisclosure@mattermost.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + } + ], + "references": [ + { + "url": "https://mattermost.com/security-updates", + "source": "responsibledisclosure@mattermost.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 21d3ae2786a..38e28fdd9e6 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-08-11T06:00:30.177657+00:00 +2023-08-11T08:00:29.205143+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-08-11T05:15:42.450000+00:00 +2023-08-11T07:15:10.070000+00:00 ``` ### Last Data Feed Release @@ -29,14 +29,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -222431 +222441 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `10` -* [CVE-2023-40256](CVE-2023/CVE-2023-402xx/CVE-2023-40256.json) (`2023-08-11T05:15:42.450`) +* [CVE-2023-3823](CVE-2023/CVE-2023-38xx/CVE-2023-3823.json) (`2023-08-11T06:15:09.283`) +* [CVE-2023-3824](CVE-2023/CVE-2023-38xx/CVE-2023-3824.json) (`2023-08-11T06:15:10.560`) +* [CVE-2023-40253](CVE-2023/CVE-2023-402xx/CVE-2023-40253.json) (`2023-08-11T06:15:10.673`) +* [CVE-2023-40260](CVE-2023/CVE-2023-402xx/CVE-2023-40260.json) (`2023-08-11T06:15:10.787`) +* [CVE-2023-40254](CVE-2023/CVE-2023-402xx/CVE-2023-40254.json) (`2023-08-11T07:15:09.423`) +* [CVE-2023-40267](CVE-2023/CVE-2023-402xx/CVE-2023-40267.json) (`2023-08-11T07:15:09.647`) +* [CVE-2023-4105](CVE-2023/CVE-2023-41xx/CVE-2023-4105.json) (`2023-08-11T07:15:09.740`) +* [CVE-2023-4106](CVE-2023/CVE-2023-41xx/CVE-2023-4106.json) (`2023-08-11T07:15:09.853`) +* [CVE-2023-4107](CVE-2023/CVE-2023-41xx/CVE-2023-4107.json) (`2023-08-11T07:15:09.963`) +* [CVE-2023-4108](CVE-2023/CVE-2023-41xx/CVE-2023-4108.json) (`2023-08-11T07:15:10.070`) ### CVEs modified in the last Commit