admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 18:52:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-15T22:00:24.998579+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-15 22:00:28 +00:00
parent 6c09bd96ba
commit 093d2a4b22
46 changed files with 1405 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2020/CVE-2020-214xx/CVE-2020-21426.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-21426",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:10.540",
"lastModified": "2023-09-06T03:15:10.613",
"lastModified": "2023-09-15T21:15:07.803",
"vulnStatus": "Modified",
"descriptions": [
{
@ -68,6 +68,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RUEK2JOVJBQZVNQIIZZO3JFMTVB4R5KS/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UGOMCRAANNCQYJYPPMGRQWKRZGIP6NME/",
"source": "cve@mitre.org"
},
{
"url": "https://sourceforge.net/p/freeimage/bugs/300/",
"source": "cve@mitre.org",

6
CVE-2020/CVE-2020-214xx/CVE-2020-21427.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-21427",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:11.423",
"lastModified": "2023-09-06T03:15:11.547",
"lastModified": "2023-09-15T21:15:08.097",
"vulnStatus": "Modified",
"descriptions": [
{
@ -68,6 +68,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RUEK2JOVJBQZVNQIIZZO3JFMTVB4R5KS/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UGOMCRAANNCQYJYPPMGRQWKRZGIP6NME/",
"source": "cve@mitre.org"
},
{
"url": "https://sourceforge.net/p/freeimage/bugs/298/",
"source": "cve@mitre.org",

6
CVE-2020/CVE-2020-214xx/CVE-2020-21428.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-21428",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:12.293",
"lastModified": "2023-09-06T03:15:11.657",
"lastModified": "2023-09-15T21:15:08.170",
"vulnStatus": "Modified",
"descriptions": [
{
@ -68,6 +68,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RUEK2JOVJBQZVNQIIZZO3JFMTVB4R5KS/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UGOMCRAANNCQYJYPPMGRQWKRZGIP6NME/",
"source": "cve@mitre.org"
},
{
"url": "https://sourceforge.net/p/freeimage/bugs/299/",
"source": "cve@mitre.org",

6
CVE-2020/CVE-2020-225xx/CVE-2020-22524.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-22524",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:19.243",
"lastModified": "2023-09-06T03:15:11.807",
"lastModified": "2023-09-15T21:15:08.243",
"vulnStatus": "Modified",
"descriptions": [
{
@ -68,6 +68,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RUEK2JOVJBQZVNQIIZZO3JFMTVB4R5KS/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UGOMCRAANNCQYJYPPMGRQWKRZGIP6NME/",
"source": "cve@mitre.org"
},
{
"url": "https://sourceforge.net/p/freeimage/bugs/319/",
"source": "cve@mitre.org",

6
CVE-2021/CVE-2021-284xx/CVE-2021-28485.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2021-28485",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-14T15:15:07.827",
"lastModified": "2023-09-14T18:32:35.497",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-15T20:15:07.493",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Ericsson Mobile Switching Center Server (MSC-S) BC 18A and IS 3.1 releases before IS 3.1 CP22 allows Directory Traversal."
"value": "In Ericsson Mobile Switching Center Server (MSC-S) before IS 3.1 CP22, the SIS web application allows relative path traversal via a specific parameter in the https request after authentication, which allows access to files on the system that are not intended to be accessible via the web application."
}
],
"metrics": {},

6
CVE-2021/CVE-2021-418xx/CVE-2021-41803.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-41803",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-09-23T01:15:08.623",
"lastModified": "2023-09-05T03:15:08.497",
"lastModified": "2023-09-15T21:15:08.350",
"vulnStatus": "Modified",
"descriptions": [
{
@ -108,6 +108,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/",
"source": "cve@mitre.org"

10
CVE-2022/CVE-2022-30xx/CVE-2022-3064.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-3064",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-27T22:15:14.507",
"lastModified": "2023-09-05T03:15:08.797",
"lastModified": "2023-09-15T21:15:08.483",
"vulnStatus": "Modified",
"descriptions": [
{
@ -89,6 +89,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/",
"source": "security@golang.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/",
"source": "security@golang.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/",
"source": "security@golang.org"
@ -97,6 +101,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/",
"source": "security@golang.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/",
"source": "security@golang.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/",
"source": "security@golang.org"

47
CVE-2022/CVE-2022-32xx/CVE-2022-3261.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2022-3261",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-15T21:15:08.610",
"lastModified": "2023-09-15T21:15:08.610",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2022-3261",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2128834",
"source": "secalert@redhat.com"
}
]
}

6
CVE-2022/CVE-2022-407xx/CVE-2022-40716.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-40716",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-09-23T12:15:10.500",
"lastModified": "2023-09-05T03:15:09.110",
"lastModified": "2023-09-15T21:15:08.727",
"vulnStatus": "Modified",
"descriptions": [
{
@ -121,6 +121,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/",
"source": "cve@mitre.org"

10
CVE-2022/CVE-2022-417xx/CVE-2022-41717.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-41717",
"sourceIdentifier": "security@golang.org",
"published": "2022-12-08T20:15:10.330",
"lastModified": "2023-09-07T04:15:09.720",
"lastModified": "2023-09-15T21:15:08.820",
"vulnStatus": "Modified",
"descriptions": [
{
@ -139,6 +139,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4/",
"source": "security@golang.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/",
"source": "security@golang.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522/",
"source": "security@golang.org",
@ -168,6 +172,10 @@
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I/",
"source": "security@golang.org"
},
{
"url": "https://pkg.go.dev/vuln/GO-2022-1144",
"source": "security@golang.org",

51
CVE-2023/CVE-2023-08xx/CVE-2023-0813.json Normal file
View File

@ -0,0 +1,51 @@
{
"id": "CVE-2023-0813",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-15T21:15:08.953",
"lastModified": "2023-09-15T21:15:08.953",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:0786",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-0813",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169468",
"source": "secalert@redhat.com"
}
]
}

6
CVE-2023/CVE-2023-08xx/CVE-2023-0845.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-0845",
"sourceIdentifier": "security@hashicorp.com",
"published": "2023-03-09T16:15:09.657",
"lastModified": "2023-09-05T03:15:09.740",
"lastModified": "2023-09-15T21:15:09.037",
"vulnStatus": "Modified",
"descriptions": [
{
@ -107,6 +107,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/",
"source": "security@hashicorp.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/",
"source": "security@hashicorp.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/",
"source": "security@hashicorp.com"

51
CVE-2023/CVE-2023-09xx/CVE-2023-0923.json Normal file
View File

@ -0,0 +1,51 @@
{
"id": "CVE-2023-0923",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-15T21:15:09.153",
"lastModified": "2023-09-15T21:15:09.153",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2023:0977",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-0923",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2171870",
"source": "secalert@redhat.com"
}
]
}

25
CVE-2023/CVE-2023-15xx/CVE-2023-1576.json
View File

@ -2,31 +2,14 @@
"id": "CVE-2023-1576",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-14T18:15:09.053",
"lastModified": "2023-09-14T18:32:35.497",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-09-15T21:15:09.390",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "A Heap buffer overflow in CPP/7zip/Archive/Zip/ZipIn.cpp:1116 in NArchive::NZip::CInArchive::FindCd(bool) was found in p7zip 16.02.\n"
"value": "** REJECT ** This is a duplicate of an earlier CVE, CVE-2022-47069."
}
],
"metrics": {},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://sourceforge.net/p/p7zip/bugs/241/",
"source": "secalert@redhat.com"
}
]
"references": []
}

6
CVE-2023/CVE-2023-251xx/CVE-2023-25173.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25173",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-02-16T15:15:20.057",
"lastModified": "2023-09-05T03:15:10.060",
"lastModified": "2023-09-15T21:15:09.457",
"vulnStatus": "Modified",
"descriptions": [
{
@ -163,6 +163,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/",
"source": "security-advisories@github.com"

6
CVE-2023/CVE-2023-260xx/CVE-2023-26054.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26054",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-03-06T19:15:10.390",
"lastModified": "2023-09-05T03:15:10.427",
"lastModified": "2023-09-15T21:15:09.607",
"vulnStatus": "Modified",
"descriptions": [
{
@ -115,6 +115,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/",
"source": "security-advisories@github.com"

8
CVE-2023/CVE-2023-283xx/CVE-2023-28366.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28366",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T16:15:07.790",
"lastModified": "2023-09-07T18:29:57.320",
"vulnStatus": "Analyzed",
"lastModified": "2023-09-15T21:15:09.940",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -80,6 +80,10 @@
"Release Notes"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJ2FMBGVVQEQWTTQB7YLKTAHMX2UM66X/",
"source": "cve@mitre.org"
},
{
"url": "https://mosquitto.org/blog/2023/08/version-2-0-16-released/",
"source": "cve@mitre.org",

6
CVE-2023/CVE-2023-288xx/CVE-2023-28840.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-28840",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-04T22:15:07.853",
"lastModified": "2023-09-05T03:15:10.760",
"lastModified": "2023-09-15T21:15:10.150",
"vulnStatus": "Modified",
"descriptions": [
{
@ -168,6 +168,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/",
"source": "security-advisories@github.com"

6
CVE-2023/CVE-2023-288xx/CVE-2023-28841.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-28841",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-04T22:15:07.937",
"lastModified": "2023-09-05T03:15:10.997",
"lastModified": "2023-09-15T21:15:10.363",
"vulnStatus": "Modified",
"descriptions": [
{
@ -175,6 +175,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/",
"source": "security-advisories@github.com"

6
CVE-2023/CVE-2023-288xx/CVE-2023-28842.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-28842",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-04-04T22:15:08.007",
"lastModified": "2023-09-05T03:15:11.240",
"lastModified": "2023-09-15T21:15:10.487",
"vulnStatus": "Modified",
"descriptions": [
{
@ -147,6 +147,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/",
"source": "security-advisories@github.com"

6
CVE-2023/CVE-2023-335xx/CVE-2023-33551.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33551",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-01T15:15:09.050",
"lastModified": "2023-09-07T03:15:08.103",
"lastModified": "2023-09-15T21:15:10.610",
"vulnStatus": "Modified",
"descriptions": [
{
@ -76,6 +76,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHOIRL6XH5NYR3LYI3KP5DE4SDSQWR7W/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGGIYW7PHYQM2NPYCJPSPSLULLD2P2PE/",
"source": "cve@mitre.org"
}
]
}

6
CVE-2023/CVE-2023-335xx/CVE-2023-33552.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33552",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-01T15:15:09.163",
"lastModified": "2023-09-07T03:15:08.190",
"lastModified": "2023-09-15T21:15:10.710",
"vulnStatus": "Modified",
"descriptions": [
{
@ -77,6 +77,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHOIRL6XH5NYR3LYI3KP5DE4SDSQWR7W/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGGIYW7PHYQM2NPYCJPSPSLULLD2P2PE/",
"source": "cve@mitre.org"
}
]
}

6
CVE-2023/CVE-2023-366xx/CVE-2023-36674.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-36674",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-20T18:15:09.930",
"lastModified": "2023-09-02T03:15:31.660",
"lastModified": "2023-09-15T21:15:10.790",
"vulnStatus": "Modified",
"descriptions": [
{
@ -88,6 +88,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/",
"source": "cve@mitre.org"

6
CVE-2023/CVE-2023-366xx/CVE-2023-36675.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-36675",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-26T01:15:09.203",
"lastModified": "2023-09-02T03:15:31.827",
"lastModified": "2023-09-15T21:15:10.887",
"vulnStatus": "Modified",
"descriptions": [
{
@ -83,6 +83,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/",
"source": "cve@mitre.org"

59
CVE-2023/CVE-2023-372xx/CVE-2023-37281.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-37281",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T20:15:08.310",
"lastModified": "2023-09-15T20:15:08.310",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when processing the various IPv6 header fields during IPHC header decompression, Contiki-NG confirms the received packet buffer contains enough data as needed for that field. But no similar check is done before decompressing the IPv6 address. Therefore, up to 16 bytes can be read out of bounds on the line with the statement `memcpy(&ipaddr->u8[16 - postcount], iphc_ptr, postcount);`. The value of `postcount` depends on the address compression used in the received packet and can be controlled by the attacker. As a result, an attacker can inject a packet that causes an out-of-bound read. As of time of publication, a patched version is not available. As a workaround, one can apply the changes in Contiki-NG pull request #2509 to patch the system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://github.com/contiki-ng/contiki-ng/pull/2509",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-2v4c-9p48-g9pr",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-374xx/CVE-2023-37459.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-37459",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T20:15:08.650",
"lastModified": "2023-09-15T20:15:08.650",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when a packet is received, the Contiki-NG network stack attempts to start the periodic TCP timer if it is a TCP packet with the SYN flag set. But the implementation does not first verify that a full TCP header has been received. Specifically, the implementation attempts to access the flags field from the TCP buffer in the following conditional expression in the `check_for_tcp_syn` function. For this reason, an attacker can inject a truncated TCP packet, which will lead to an out-of-bound read from the packet buffer. As of time of publication, a patched version is not available. As a workaround, one can apply the changes in Contiki-NG pull request #2510 to patch the system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://github.com/contiki-ng/contiki-ng/pull/2510",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/contiki-ng/contiki-ng/security/advisories/GHSA-6648-m23r-hq8c",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2023/CVE-2023-385xx/CVE-2023-38507.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-38507",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T20:15:08.997",
"lastModified": "2023-09-15T20:15:08.997",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Strapi is the an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. Therefore, the possibility of unauthorized login by login brute force attack increases. Version 4.12.1 has a fix for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://github.com/strapi/strapi/blob/32d68f1f5677ed9a9a505b718c182c0a3f885426/packages/core/admin/server/middlewares/rateLimit.js#L31",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/strapi/strapi/releases/tag/v4.12.1",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/strapi/strapi/security/advisories/GHSA-24q2-59hm-rh9r",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2023/CVE-2023-387xx/CVE-2023-38706.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-38706",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T20:15:09.217",
"lastModified": "2023-09-15T20:15:09.217",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user can create an unlimited number of drafts with very long draft keys which may end up exhausting the resources on the server. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-7wpp-4pqg-gvp8",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-400xx/CVE-2023-40018.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-40018",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T20:15:09.447",
"lastModified": "2023-09-15T20:15:09.447",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate with unknown component ID. When an SDP is offered with any ICE candidates with an unknown component ID, FreeSWITCH will make an out of bounds write to its arrays. By abusing this vulnerability, an attacker is able to corrupt FreeSWITCH memory leading to an undefined behavior of the system or a crash of it. Version 1.10.10 contains a patch for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://github.com/signalwire/freeswitch/releases/tag/v1.10.10",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-7mwp-86fv-hcg3",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-400xx/CVE-2023-40019.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-40019",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T20:15:09.637",
"lastModified": "2023-09-15T20:15:09.637",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack by sending re-INVITE with SDP containing duplicate codec names. When a call in FreeSWITCH completes codec negotiation, the `codec_string` channel variable is set with the result of the negotiation. On a subsequent re-negotiation, if an SDP is offered that contains codecs with the same names but with different formats, there may be too many codec matches detected by FreeSWITCH leading to overflows of its internal arrays. By abusing this vulnerability, an attacker is able to corrupt stack of FreeSWITCH leading to an undefined behavior of the system or simply crash it. Version 1.10.10 contains a patch for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://github.com/signalwire/freeswitch/releases/tag/v1.10.10",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/signalwire/freeswitch/security/advisories/GHSA-gjj5-79p2-9g3q",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-401xx/CVE-2023-40167.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-40167",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T20:15:09.827",
"lastModified": "2023-09-15T21:15:10.977",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-130"
}
]
}
],
"references": [
{
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6",
"source": "security-advisories@github.com"
},
{
"url": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6",
"source": "security-advisories@github.com"
}
]
}

6
CVE-2023/CVE-2023-403xx/CVE-2023-40305.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-40305",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-14T06:15:09.683",
"lastModified": "2023-09-07T04:15:10.407",
"lastModified": "2023-09-15T21:15:11.083",
"vulnStatus": "Modified",
"descriptions": [
{
@ -79,6 +79,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MIUH3F63KQJWYR3FLKRZUYYRJOY6FYX/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OB6GB6FUFPV5VJAZIANDG4YNNDW6JNXX/",
"source": "cve@mitre.org"
},
{
"url": "https://savannah.gnu.org/bugs/index.php?64503",
"source": "cve@mitre.org",

6
CVE-2023/CVE-2023-405xx/CVE-2023-40587.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-40587",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-25T21:15:09.290",
"lastModified": "2023-09-05T03:15:11.787",
"lastModified": "2023-09-15T21:15:11.170",
"vulnStatus": "Modified",
"descriptions": [
{
@ -126,6 +126,10 @@
"Patch"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYSDTQ7NP5GHPQ7HBE47MBJQK7YEIYMF/",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQIPHQTM3XE5NIEXCTQFV2J2RK2YUSMT/",
"source": "security-advisories@github.com"

55
CVE-2023/CVE-2023-405xx/CVE-2023-40588.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-40588",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T20:15:10.083",
"lastModified": "2023-09-15T20:15:10.083",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user could add a 2FA or security key with a carefully crafted name to their account and cause a denial of service for other users. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-2hg5-3xm3-9vvx",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2023/CVE-2023-410xx/CVE-2023-41042.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41042",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T20:15:10.293",
"lastModified": "2023-09-15T20:15:10.293",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, importing a remote theme loads their assets into memory without enforcing limits for file size or number of files. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-2fq5-x3mm-v254",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2023/CVE-2023-410xx/CVE-2023-41043.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-41043",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T20:15:10.540",
"lastModified": "2023-09-15T20:15:10.540",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious admin could create extremely large icons sprites, which would then be cached in each server process. This may cause server processes to be killed and lead to downtime. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. This is only a concern for multisite installations. No action is required when the admins are trusted."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://github.com/discourse/discourse/security/advisories/GHSA-28hh-h5xw-xgvx",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-413xx/CVE-2023-41325.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-41325",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T20:15:10.800",
"lastModified": "2023-09-15T20:15:10.800",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can make a double free. `shdr_verify_signature` used to verify a TA binary before it is loaded. To verify a signature of it, allocate a memory for RSA key. RSA key allocate function (`sw_crypto_acipher_alloc_rsa_public_key`) will try to allocate a memory (which is optee\u2019s heap memory). RSA key is consist of exponent and modulus (represent as variable `e`, `n`) and it allocation is not atomic way, so it may succeed in `e` but fail in `n`. In this case sw_crypto_acipher_alloc_rsa_public_key` will free on `e` and return as it is failed but variable \u2018e\u2019 is remained as already freed memory address . `shdr_verify_signature` will free again that memory (which is `e`) even it is freed when it failed allocate RSA key. A patch is available in version 3.22. No known workarounds are available."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.1,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
}
],
"references": [
{
"url": "https://github.com/OP-TEE/optee_os/commit/e2ec831cb07ed0099535c7c140cb6338aa62816a",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/OP-TEE/optee_os/security/advisories/GHSA-jrw7-63cq-7vhm",
"source": "security-advisories@github.com"
}
]
}

71
CVE-2023/CVE-2023-418xx/CVE-2023-41880.json Normal file
View File

@ -0,0 +1,71 @@
{
"id": "CVE-2023-41880",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T20:15:11.017",
"lastModified": "2023-09-15T20:15:11.017",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly `i64x2.shr_s` instruction on x86_64 platforms when the shift amount is a constant value that is larger than 32. Only x86_64 is affected so all other targets are not affected by this. The miscompilation results in the instruction producing an incorrect result, namely the low 32-bits of the second lane of the vector are derived from the low 32-bits of the second lane of the input vector instead of the high 32-bits. The primary impact of this issue is that any WebAssembly program using the `i64x2.shr_s` with a constant shift amount larger than 32 may produce an incorrect result.\n\nThis issue is not an escape from the WebAssembly sandbox. Execution of WebAssembly guest programs will still behave correctly with respect to memory sandboxing and isolation from the host. Wasmtime considers non-spec-compliant behavior as a security issue nonetheless.\n\nThis issue was discovered through fuzzing of Wasmtime's code generator Cranelift.\n\nWasmtime versions 10.0.2, 11.0.2, and 12.0.2 are all patched to no longer have this miscompilation. This issue only affects x86_64 hosts and the only workaround is to either scan for this pattern in wasm modules which is nontrivial or to disable the SIMD proposal for WebAssembly. Users prior to 10.0.0 are unaffected by this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.7,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-193"
}
]
}
],
"references": [
{
"url": "https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.wasm_simd",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/bytecodealliance/wasmtime/commit/8d7eda15b0badcbea83a7aac2d08f80788b59240",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/bytecodealliance/wasmtime/pull/6372",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-gw5p-q8mj-p7gh",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-gw5p-q8mj-p7gh#:~:text=Mailing%20list%20announcement",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-418xx/CVE-2023-41886.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-41886",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T21:15:11.297",
"lastModified": "2023-09-15T21:15:11.297",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, an arbitrary file read vulnerability allows any unauthenticated user to read a file on a server. Version 3.7.5 fixes this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/OpenRefine/OpenRefine/commit/2de1439f5be63d9d0e89bbacbd24fa28c8c3e29d",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-qqh2-wvmv-h72m",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2023/CVE-2023-418xx/CVE-2023-41887.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-41887",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T21:15:11.407",
"lastModified": "2023-09-15T21:15:11.407",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. Version 3.7.5 has a patch for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/OpenRefine/OpenRefine/commit/693fde606d4b5b78b16391c29d110389eb605511",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-p3r5-x3hr-gpg5",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2023/CVE-2023-418xx/CVE-2023-41889.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-41889",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T21:15:11.503",
"lastModified": "2023-09-15T21:15:11.503",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performed before a Unicode normalization. The Unicode character equivalent of a character would resurface after the normalization. The fix is initially performing the Unicode normalization and then strip for all whitespaces and then checking for a blank string. This issue has been fixed in version 1.18.0.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-176"
}
]
}
],
"references": [
{
"url": "https://github.com/shirasagi/shirasagi/blob/f249ce3f06f6bfbc0017b38f5c13de424334c3ea/app/models/concerns/rdf/object.rb#L68-L72",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/shirasagi/shirasagi/security/advisories/GHSA-xr45-c2jv-2v9r",
"source": "security-advisories@github.com"
},
{
"url": "https://sim4n6.beehiiv.com/p/unicode-characters-bypass-security-checks",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2023/CVE-2023-419xx/CVE-2023-41900.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-41900",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T21:15:11.600",
"lastModified": "2023-09-15T21:15:11.600",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides to revoke an already authenticated user, then the current request will still treat the user as authenticated. The authentication is then cleared from the session and subsequent requests will not be treated as authenticated. So a request on a previously authenticated session could be allowed to bypass authentication after it had been rejected by the `LoginService`. This impacts usages of the jetty-openid which have configured a nested `LoginService` and where that `LoginService` will is capable of rejecting previously authenticated users. Versions 9.4.52, 10.0.16, and 11.0.16 have a patch for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1390"
}
]
}
],
"references": [
{
"url": "https://github.com/eclipse/jetty.project/pull/9528",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/eclipse/jetty.project/pull/9660",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48",
"source": "security-advisories@github.com"
}
]
}

15
CVE-2023/CVE-2023-419xx/CVE-2023-41901.json Normal file
View File

@ -0,0 +1,15 @@
{
"id": "CVE-2023-41901",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T21:15:11.713",
"lastModified": "2023-09-15T21:15:11.713",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "** REJECT ** Further research determined the issue is not a vulnerability."
}
],
"metrics": {},
"references": []
}

55
CVE-2023/CVE-2023-424xx/CVE-2023-42439.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-42439",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T21:15:11.780",
"lastModified": "2023-09-15T21:15:11.780",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returning any data from the internal network. The application is using a whitelist, but the whitelist can be bypassed. The bypass will trick the application that the first host is a whitelisted address, but the browser will use `@` or `%40` as a credential to the host geoserver on port 8080, this will return the data to that host on the response. As of time of publication, no patched version is available."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://github.com/GeoNode/geonode/security/advisories/GHSA-pxg5-h34r-7q8p",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2023/CVE-2023-424xx/CVE-2023-42442.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-42442",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-09-15T21:15:11.867",
"lastModified": "2023-09-15T21:15:11.867",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not affected. The api `/api/v1/terminal/sessions/` permission control is broken and can be accessed anonymously. SessionViewSet permission classes set to `[RBACPermission | IsSessionAssignee]`, relation is or, so any permission matched will be allowed. Versions 3.5.5 and 3.6.4 have a fix. After upgrading, visit the api `$HOST/api/v1/terminal/sessions/?limit=1`. The expected http response code is 401 (`not_authenticated`).\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://github.com/jumpserver/jumpserver/blob/v3.6.1/apps/terminal/api/session/session.py#L91",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/jumpserver/jumpserver/commit/0a58bba59cd275bab8e0ae58bf4b359fbc5eb74a",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-633x-3f4f-v9rw",
"source": "security-advisories@github.com"
}
]
}

79
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-15T20:00:24.774157+00:00
2023-09-15T22:00:24.998579+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-15T19:45:09.877000+00:00
2023-09-15T21:15:11.867000+00:00
```
### Last Data Feed Release
@ -29,43 +29,64 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
225680
225702
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `22`
* [CVE-2023-36472](CVE-2023/CVE-2023-364xx/CVE-2023-36472.json) (`2023-09-15T19:15:08.117`)
* [CVE-2023-36479](CVE-2023/CVE-2023-364xx/CVE-2023-36479.json) (`2023-09-15T19:15:08.387`)
* [CVE-2023-37263](CVE-2023/CVE-2023-372xx/CVE-2023-37263.json) (`2023-09-15T19:15:08.637`)
* [CVE-2022-3261](CVE-2022/CVE-2022-32xx/CVE-2022-3261.json) (`2023-09-15T21:15:08.610`)
* [CVE-2023-37281](CVE-2023/CVE-2023-372xx/CVE-2023-37281.json) (`2023-09-15T20:15:08.310`)
* [CVE-2023-37459](CVE-2023/CVE-2023-374xx/CVE-2023-37459.json) (`2023-09-15T20:15:08.650`)
* [CVE-2023-38507](CVE-2023/CVE-2023-385xx/CVE-2023-38507.json) (`2023-09-15T20:15:08.997`)
* [CVE-2023-38706](CVE-2023/CVE-2023-387xx/CVE-2023-38706.json) (`2023-09-15T20:15:09.217`)
* [CVE-2023-40018](CVE-2023/CVE-2023-400xx/CVE-2023-40018.json) (`2023-09-15T20:15:09.447`)
* [CVE-2023-40019](CVE-2023/CVE-2023-400xx/CVE-2023-40019.json) (`2023-09-15T20:15:09.637`)
* [CVE-2023-40588](CVE-2023/CVE-2023-405xx/CVE-2023-40588.json) (`2023-09-15T20:15:10.083`)
* [CVE-2023-41042](CVE-2023/CVE-2023-410xx/CVE-2023-41042.json) (`2023-09-15T20:15:10.293`)
* [CVE-2023-41043](CVE-2023/CVE-2023-410xx/CVE-2023-41043.json) (`2023-09-15T20:15:10.540`)
* [CVE-2023-41325](CVE-2023/CVE-2023-413xx/CVE-2023-41325.json) (`2023-09-15T20:15:10.800`)
* [CVE-2023-41880](CVE-2023/CVE-2023-418xx/CVE-2023-41880.json) (`2023-09-15T20:15:11.017`)
* [CVE-2023-0813](CVE-2023/CVE-2023-08xx/CVE-2023-0813.json) (`2023-09-15T21:15:08.953`)
* [CVE-2023-0923](CVE-2023/CVE-2023-09xx/CVE-2023-0923.json) (`2023-09-15T21:15:09.153`)
* [CVE-2023-40167](CVE-2023/CVE-2023-401xx/CVE-2023-40167.json) (`2023-09-15T20:15:09.827`)
* [CVE-2023-41886](CVE-2023/CVE-2023-418xx/CVE-2023-41886.json) (`2023-09-15T21:15:11.297`)
* [CVE-2023-41887](CVE-2023/CVE-2023-418xx/CVE-2023-41887.json) (`2023-09-15T21:15:11.407`)
* [CVE-2023-41889](CVE-2023/CVE-2023-418xx/CVE-2023-41889.json) (`2023-09-15T21:15:11.503`)
* [CVE-2023-41900](CVE-2023/CVE-2023-419xx/CVE-2023-41900.json) (`2023-09-15T21:15:11.600`)
* [CVE-2023-41901](CVE-2023/CVE-2023-419xx/CVE-2023-41901.json) (`2023-09-15T21:15:11.713`)
* [CVE-2023-42439](CVE-2023/CVE-2023-424xx/CVE-2023-42439.json) (`2023-09-15T21:15:11.780`)
* [CVE-2023-42442](CVE-2023/CVE-2023-424xx/CVE-2023-42442.json) (`2023-09-15T21:15:11.867`)
### CVEs modified in the last Commit
Recently modified CVEs: `21`
Recently modified CVEs: `23`
* [CVE-2023-39915](CVE-2023/CVE-2023-399xx/CVE-2023-39915.json) (`2023-09-15T19:04:36.513`)
* [CVE-2023-4801](CVE-2023/CVE-2023-48xx/CVE-2023-4801.json) (`2023-09-15T19:06:01.270`)
* [CVE-2023-4803](CVE-2023/CVE-2023-48xx/CVE-2023-4803.json) (`2023-09-15T19:06:18.257`)
* [CVE-2023-4828](CVE-2023/CVE-2023-48xx/CVE-2023-4828.json) (`2023-09-15T19:08:40.947`)
* [CVE-2023-3255](CVE-2023/CVE-2023-32xx/CVE-2023-3255.json) (`2023-09-15T19:10:53.080`)
* [CVE-2023-39215](CVE-2023/CVE-2023-392xx/CVE-2023-39215.json) (`2023-09-15T19:11:10.497`)
* [CVE-2023-39208](CVE-2023/CVE-2023-392xx/CVE-2023-39208.json) (`2023-09-15T19:11:19.887`)
* [CVE-2023-30962](CVE-2023/CVE-2023-309xx/CVE-2023-30962.json) (`2023-09-15T19:11:35.157`)
* [CVE-2023-4918](CVE-2023/CVE-2023-49xx/CVE-2023-4918.json) (`2023-09-15T19:13:08.017`)
* [CVE-2023-29463](CVE-2023/CVE-2023-294xx/CVE-2023-29463.json) (`2023-09-15T19:14:44.543`)
* [CVE-2023-32664](CVE-2023/CVE-2023-326xx/CVE-2023-32664.json) (`2023-09-15T19:15:07.340`)
* [CVE-2023-33876](CVE-2023/CVE-2023-338xx/CVE-2023-33876.json) (`2023-09-15T19:15:07.867`)
* [CVE-2023-37466](CVE-2023/CVE-2023-374xx/CVE-2023-37466.json) (`2023-09-15T19:15:08.773`)
* [CVE-2023-37905](CVE-2023/CVE-2023-379xx/CVE-2023-37905.json) (`2023-09-15T19:15:09.033`)
* [CVE-2023-3814](CVE-2023/CVE-2023-38xx/CVE-2023-3814.json) (`2023-09-15T19:15:09.380`)
* [CVE-2023-4269](CVE-2023/CVE-2023-42xx/CVE-2023-4269.json) (`2023-09-15T19:15:09.717`)
* [CVE-2023-4400](CVE-2023/CVE-2023-44xx/CVE-2023-4400.json) (`2023-09-15T19:21:59.813`)
* [CVE-2023-20236](CVE-2023/CVE-2023-202xx/CVE-2023-20236.json) (`2023-09-15T19:22:20.250`)
* [CVE-2023-3301](CVE-2023/CVE-2023-33xx/CVE-2023-3301.json) (`2023-09-15T19:22:46.217`)
* [CVE-2023-41331](CVE-2023/CVE-2023-413xx/CVE-2023-41331.json) (`2023-09-15T19:23:35.937`)
* [CVE-2023-41885](CVE-2023/CVE-2023-418xx/CVE-2023-41885.json) (`2023-09-15T19:45:09.877`)
* [CVE-2020-21426](CVE-2020/CVE-2020-214xx/CVE-2020-21426.json) (`2023-09-15T21:15:07.803`)
* [CVE-2020-21427](CVE-2020/CVE-2020-214xx/CVE-2020-21427.json) (`2023-09-15T21:15:08.097`)
* [CVE-2020-21428](CVE-2020/CVE-2020-214xx/CVE-2020-21428.json) (`2023-09-15T21:15:08.170`)
* [CVE-2020-22524](CVE-2020/CVE-2020-225xx/CVE-2020-22524.json) (`2023-09-15T21:15:08.243`)
* [CVE-2021-28485](CVE-2021/CVE-2021-284xx/CVE-2021-28485.json) (`2023-09-15T20:15:07.493`)
* [CVE-2021-41803](CVE-2021/CVE-2021-418xx/CVE-2021-41803.json) (`2023-09-15T21:15:08.350`)
* [CVE-2022-3064](CVE-2022/CVE-2022-30xx/CVE-2022-3064.json) (`2023-09-15T21:15:08.483`)
* [CVE-2022-40716](CVE-2022/CVE-2022-407xx/CVE-2022-40716.json) (`2023-09-15T21:15:08.727`)
* [CVE-2022-41717](CVE-2022/CVE-2022-417xx/CVE-2022-41717.json) (`2023-09-15T21:15:08.820`)
* [CVE-2023-0845](CVE-2023/CVE-2023-08xx/CVE-2023-0845.json) (`2023-09-15T21:15:09.037`)
* [CVE-2023-1576](CVE-2023/CVE-2023-15xx/CVE-2023-1576.json) (`2023-09-15T21:15:09.390`)
* [CVE-2023-25173](CVE-2023/CVE-2023-251xx/CVE-2023-25173.json) (`2023-09-15T21:15:09.457`)
* [CVE-2023-26054](CVE-2023/CVE-2023-260xx/CVE-2023-26054.json) (`2023-09-15T21:15:09.607`)
* [CVE-2023-28366](CVE-2023/CVE-2023-283xx/CVE-2023-28366.json) (`2023-09-15T21:15:09.940`)
* [CVE-2023-28840](CVE-2023/CVE-2023-288xx/CVE-2023-28840.json) (`2023-09-15T21:15:10.150`)
* [CVE-2023-28841](CVE-2023/CVE-2023-288xx/CVE-2023-28841.json) (`2023-09-15T21:15:10.363`)
* [CVE-2023-28842](CVE-2023/CVE-2023-288xx/CVE-2023-28842.json) (`2023-09-15T21:15:10.487`)
* [CVE-2023-33551](CVE-2023/CVE-2023-335xx/CVE-2023-33551.json) (`2023-09-15T21:15:10.610`)
* [CVE-2023-33552](CVE-2023/CVE-2023-335xx/CVE-2023-33552.json) (`2023-09-15T21:15:10.710`)
* [CVE-2023-36674](CVE-2023/CVE-2023-366xx/CVE-2023-36674.json) (`2023-09-15T21:15:10.790`)
* [CVE-2023-36675](CVE-2023/CVE-2023-366xx/CVE-2023-36675.json) (`2023-09-15T21:15:10.887`)
* [CVE-2023-40305](CVE-2023/CVE-2023-403xx/CVE-2023-40305.json) (`2023-09-15T21:15:11.083`)
* [CVE-2023-40587](CVE-2023/CVE-2023-405xx/CVE-2023-40587.json) (`2023-09-15T21:15:11.170`)
## Download and Usage