Auto-Update: 2023-05-20 20:00:28.387609+00:00

2025-07-09 16:05:11 +00:00 · 2023-05-20 20:00:32 +00:00 · 2023-05-20 20:00:32 +00:00 · 05ee421c88
commit 05ee421c88
parent a8a640207a
4 changed files with 70 additions and 12 deletions
--- a/CVE-2023/CVE-2023-326xx/CVE-2023-32668.json
+++ b/CVE-2023/CVE-2023-326xx/CVE-2023-32668.json
@ -2,12 +2,12 @@
  "id": "CVE-2023-32668",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-05-11T06:15:10.000",
-  "lastModified": "2023-05-19T01:53:41.537",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-05-20T18:15:09.253",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
-      "value": "LuaTeX before 1.17.0 enables the socket library by default."
+      "value": "LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5."
    }
  ],
  "metrics": {
@ -87,6 +87,10 @@
        "Mailing List",
        "Mitigation"
      ]
+    },
+    {
+      "url": "https://tug.org/~mseven/luatex.html#luasocket",
+      "source": "cve@mitre.org"
    }
  ]
 }
--- a/CVE-2023/CVE-2023-327xx/CVE-2023-32700.json
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32700.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-32700",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-05-20T18:15:09.370",
+  "lastModified": "2023-05-20T18:15:09.370",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/TeX-Live/texlive-source/releases/tag/build-svn66984",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/tags/1.17.0",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://tug.org/pipermail/tex-live/2023-May/049188.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://tug.org/~mseven/luatex.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-332xx/CVE-2023-33244.json
+++ b/CVE-2023/CVE-2023-332xx/CVE-2023-33244.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-33244",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-05-20T19:15:08.817",
+  "lastModified": "2023-05-20T19:15:08.817",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Obsidian before 1.2.2 allows calls to unintended APIs (for microphone access, camera access, and desktop notification) via an embedded web page."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://forum.obsidian.md/t/obsidian-release-v1-2-2-insider-build/57488",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://vuln.ryotak.net/advisories/66",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-05-20T16:00:26.176141+00:00
+2023-05-20T20:00:28.387609+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-05-20T15:15:08.893000+00:00
+2023-05-20T19:15:08.817000+00:00
 ```

 ### Last Data Feed Release
@ -29,24 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-215690
+215692
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `4`
+Recently added CVEs: `2`

-* [CVE-2023-1692](CVE-2023/CVE-2023-16xx/CVE-2023-1692.json) (`2023-05-20T15:15:08.717`)
-* [CVE-2023-1693](CVE-2023/CVE-2023-16xx/CVE-2023-1693.json) (`2023-05-20T15:15:08.767`)
-* [CVE-2023-1694](CVE-2023/CVE-2023-16xx/CVE-2023-1694.json) (`2023-05-20T15:15:08.810`)
-* [CVE-2023-1696](CVE-2023/CVE-2023-16xx/CVE-2023-1696.json) (`2023-05-20T15:15:08.847`)
+* [CVE-2023-32700](CVE-2023/CVE-2023-327xx/CVE-2023-32700.json) (`2023-05-20T18:15:09.370`)
+* [CVE-2023-33244](CVE-2023/CVE-2023-332xx/CVE-2023-33244.json) (`2023-05-20T19:15:08.817`)


 ### CVEs modified in the last Commit

 Recently modified CVEs: `1`

-* [CVE-2023-32784](CVE-2023/CVE-2023-327xx/CVE-2023-32784.json) (`2023-05-20T15:15:08.893`)
+* [CVE-2023-32668](CVE-2023/CVE-2023-326xx/CVE-2023-32668.json) (`2023-05-20T18:15:09.253`)


 ## Download and Usage