Auto-Update: 2023-08-11T08:00:29.205143+00:00

2025-07-09 16:05:11 +00:00 · 2023-08-11 08:00:32 +00:00 · 2023-08-11 08:00:32 +00:00 · 0108930bb6
commit 0108930bb6
parent b7eb265475
11 changed files with 486 additions and 5 deletions
--- a/CVE-2023/CVE-2023-38xx/CVE-2023-3823.json
+++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3823.json
@ -0,0 +1,43 @@
+{
+  "id": "CVE-2023-3823",
+  "sourceIdentifier": "security@php.net",
+  "published": "2023-08-11T06:15:09.283",
+  "lastModified": "2023-08-11T06:15:09.283",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as\u00a0ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down.\u00a0\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@php.net",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 8.6,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 4.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://github.com/php/php-src/security/advisories/GHSA-3qrf-m4j2-pcrr",
+      "source": "security@php.net"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-38xx/CVE-2023-3824.json
+++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3824.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-3824",
+  "sourceIdentifier": "security@php.net",
+  "published": "2023-08-11T06:15:10.560",
+  "lastModified": "2023-08-11T06:15:10.560",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In PHP version 8.0.* before 8.0.30,\u00a0 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.\u00a0\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@php.net",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "LOW",
+          "baseScore": 9.4,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@php.net",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-119"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv",
+      "source": "security@php.net"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-402xx/CVE-2023-40253.json
+++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40253.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-40253",
+  "sourceIdentifier": "vuln@krcert.or.kr",
+  "published": "2023-08-11T06:15:10.673",
+  "lastModified": "2023-08-11T06:15:10.673",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Functionality Misuse.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "vuln@krcert.or.kr",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 0.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "vuln@krcert.or.kr",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-287"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.genians.co.kr/notice/2023",
+      "source": "vuln@krcert.or.kr"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-402xx/CVE-2023-40254.json
+++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40254.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-40254",
+  "sourceIdentifier": "vuln@krcert.or.kr",
+  "published": "2023-08-11T07:15:09.423",
+  "lastModified": "2023-08-11T07:15:09.423",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "vuln@krcert.or.kr",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "ADJACENT_NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.4,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.5,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "vuln@krcert.or.kr",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-494"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.genians.co.kr/notice/2023",
+      "source": "vuln@krcert.or.kr"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-402xx/CVE-2023-40260.json
+++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40260.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-40260",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-08-11T06:15:10.787",
+  "lastModified": "2023-08-11T06:15:10.787",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email address (which may be attacker-controlled). NOTE: this is different from CVE-2023-4177, which claims to be about \"some unknown processing of the component Multi-Factor Authentication Code Handler\" and thus cannot be correlated with other vulnerability information."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://seclists.org/fulldisclosure/2023/Aug/3",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-402xx/CVE-2023-40267.json
+++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40267.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-40267",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-08-11T07:15:09.647",
+  "lastModified": "2023-08-11T07:15:09.647",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/gitpython-developers/GitPython/commit/ca965ecc81853bca7675261729143f54e5bf4cdd",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/gitpython-developers/GitPython/pull/1609",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-41xx/CVE-2023-4105.json
+++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4105.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-4105",
+  "sourceIdentifier": "responsibledisclosure@mattermost.com",
+  "published": "2023-08-11T07:15:09.740",
+  "lastModified": "2023-08-11T07:15:09.740",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Mattermost fails to delete the attachments when deleting a message in a thread allowing a simple user to still be able to access and download the attachment of a deleted message\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "responsibledisclosure@mattermost.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 3.1,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 1.6,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "responsibledisclosure@mattermost.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://mattermost.com/security-updates",
+      "source": "responsibledisclosure@mattermost.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-41xx/CVE-2023-4106.json
+++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4106.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-4106",
+  "sourceIdentifier": "responsibledisclosure@mattermost.com",
+  "published": "2023-08-11T07:15:09.853",
+  "lastModified": "2023-08-11T07:15:09.853",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting a guest being able to\u00a0view, join, edit, export and archive public playbooks.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "responsibledisclosure@mattermost.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "responsibledisclosure@mattermost.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://mattermost.com/security-updates",
+      "source": "responsibledisclosure@mattermost.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-41xx/CVE-2023-4107.json
+++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4107.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-4107",
+  "sourceIdentifier": "responsibledisclosure@mattermost.com",
+  "published": "2023-08-11T07:15:09.963",
+  "lastModified": "2023-08-11T07:15:09.963",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "responsibledisclosure@mattermost.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.7,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "responsibledisclosure@mattermost.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-863"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://mattermost.com/security-updates",
+      "source": "responsibledisclosure@mattermost.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-41xx/CVE-2023-4108.json
+++ b/CVE-2023/CVE-2023-41xx/CVE-2023-4108.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-4108",
+  "sourceIdentifier": "responsibledisclosure@mattermost.com",
+  "published": "2023-08-11T07:15:10.070",
+  "lastModified": "2023-08-11T07:15:10.070",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Mattermost fails to sanitize post metadata during audit logging resulting in permalinks contents being logged\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "responsibledisclosure@mattermost.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 0.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "responsibledisclosure@mattermost.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-532"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://mattermost.com/security-updates",
+      "source": "responsibledisclosure@mattermost.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-08-11T06:00:30.177657+00:00
+2023-08-11T08:00:29.205143+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-08-11T05:15:42.450000+00:00
+2023-08-11T07:15:10.070000+00:00
 ```

 ### Last Data Feed Release
@ -29,14 +29,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-222431
+222441
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `10`

-* [CVE-2023-40256](CVE-2023/CVE-2023-402xx/CVE-2023-40256.json) (`2023-08-11T05:15:42.450`)
+* [CVE-2023-3823](CVE-2023/CVE-2023-38xx/CVE-2023-3823.json) (`2023-08-11T06:15:09.283`)
+* [CVE-2023-3824](CVE-2023/CVE-2023-38xx/CVE-2023-3824.json) (`2023-08-11T06:15:10.560`)
+* [CVE-2023-40253](CVE-2023/CVE-2023-402xx/CVE-2023-40253.json) (`2023-08-11T06:15:10.673`)
+* [CVE-2023-40260](CVE-2023/CVE-2023-402xx/CVE-2023-40260.json) (`2023-08-11T06:15:10.787`)
+* [CVE-2023-40254](CVE-2023/CVE-2023-402xx/CVE-2023-40254.json) (`2023-08-11T07:15:09.423`)
+* [CVE-2023-40267](CVE-2023/CVE-2023-402xx/CVE-2023-40267.json) (`2023-08-11T07:15:09.647`)
+* [CVE-2023-4105](CVE-2023/CVE-2023-41xx/CVE-2023-4105.json) (`2023-08-11T07:15:09.740`)
+* [CVE-2023-4106](CVE-2023/CVE-2023-41xx/CVE-2023-4106.json) (`2023-08-11T07:15:09.853`)
+* [CVE-2023-4107](CVE-2023/CVE-2023-41xx/CVE-2023-4107.json) (`2023-08-11T07:15:09.963`)
+* [CVE-2023-4108](CVE-2023/CVE-2023-41xx/CVE-2023-4108.json) (`2023-08-11T07:15:10.070`)


 ### CVEs modified in the last Commit