Auto-Update: 2023-06-28T23:55:26.300084+00:00

2025-07-09 16:05:11 +00:00 · 2023-06-28 23:55:29 +00:00 · 2023-06-28 23:55:29 +00:00 · 1257730346
commit 1257730346
parent 38560afbca
9 changed files with 305 additions and 56 deletions
--- a/CVE-2023/CVE-2023-33xx/CVE-2023-3357.json
+++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3357.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-3357",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2023-06-28T22:15:09.587",
+  "lastModified": "2023-06-28T22:15:09.587",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "secalert@redhat.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-476"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=53ffa6a9f83b2170c60591da1ead8791d5a42e81",
+      "source": "secalert@redhat.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-33xx/CVE-2023-3358.json
+++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3358.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-3358",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2023-06-28T22:15:09.647",
+  "lastModified": "2023-06-28T22:15:09.647",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "secalert@redhat.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-476"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b3d40c3ec3dc4ad78017de6c3a38979f57aaaab8",
+      "source": "secalert@redhat.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-33xx/CVE-2023-3359.json
+++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3359.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-3359",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2023-06-28T22:15:09.707",
+  "lastModified": "2023-06-28T22:15:09.707",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in the Linux kernel brcm_nvram_parse in drivers/nvmem/brcm_nvram.c. Lacks for the check of the return value of kzalloc() can cause the NULL Pointer Dereference."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "secalert@redhat.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-476"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b0576ade3aaf24b376ea1a4406ae138e2a22b0c0",
+      "source": "secalert@redhat.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-33xx/CVE-2023-3389.json
+++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3389.json
@ -2,12 +2,12 @@
  "id": "CVE-2023-3389",
  "sourceIdentifier": "cve-coordination@google.com",
  "published": "2023-06-28T20:15:09.773",
-  "lastModified": "2023-06-28T20:15:09.773",
+  "lastModified": "2023-06-28T22:15:09.763",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
-      "value": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit 4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and\u00a00e388fce7aec40992eadee654193cad345d62663 for 5.15 stable.\n\n"
+      "value": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nRacing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\n\nWe recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and\u00a00e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).\n\n"
    }
  ],
  "metrics": {
@ -55,6 +55,10 @@
      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=0e388fce7aec40992eadee654193cad345d62663",
      "source": "cve-coordination@google.com"
    },
+    {
+      "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59",
+      "source": "cve-coordination@google.com"
+    },
    {
      "url": "https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663",
      "source": "cve-coordination@google.com"
@ -62,6 +66,10 @@
    {
      "url": "https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04",
      "source": "cve-coordination@google.com"
+    },
+    {
+      "url": "https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59",
+      "source": "cve-coordination@google.com"
    }
  ]
 }
--- a/CVE-2023/CVE-2023-346xx/CVE-2023-34647.json
+++ b/CVE-2023/CVE-2023-346xx/CVE-2023-34647.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-34647",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-06-28T22:15:09.397",
+  "lastModified": "2023-06-28T22:15:09.397",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS)."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/ckalnarayan/Common-Vulnerabilities-and-Exposures/blob/main/CVE-2023-34647",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-347xx/CVE-2023-34736.json
+++ b/CVE-2023/CVE-2023-347xx/CVE-2023-34736.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-34736",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-06-28T22:15:09.450",
+  "lastModified": "2023-06-28T22:15:09.450",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Guantang Equipment Management System version 4.12 is vulnerable to Arbitrary File Upload."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/prismbreak/vulnerabilities/issues/5",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-364xx/CVE-2023-36474.json
+++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36474.json
@ -0,0 +1,67 @@
+{
+  "id": "CVE-2023-36474",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2023-06-28T22:15:09.503",
+  "lastModified": "2023-06-28T22:15:09.503",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Interactsh is an open-source tool for detecting out-of-band interactions. Domains configured with interactsh server prior to version 1.0.0 were vulnerable to subdomain takeover for a specific subdomain, i.e `app.` Interactsh server used to create cname entries for `app` pointing to `projectdiscovery.github.io` as default, which intended to used for hosting interactsh web client using GitHub pages. This is a security issue with a self-hosted interactsh server in which the user may not have configured a web client but still have a CNAME entry pointing to GitHub pages, making them vulnerable to subdomain takeover. This allows a threat actor to host / run arbitrary client side code (cross-site scripting) in a user's browser when browsing the vulnerable subdomain. Version 1.0.0 fixes this issue by making CNAME optional, rather than default."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-advisories@github.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 8.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 4.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-advisories@github.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/projectdiscovery/interactsh/issues/136",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/projectdiscovery/interactsh/pull/155",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/projectdiscovery/interactsh/security/advisories/GHSA-m36x-mgfh-8g78",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/",
+      "source": "security-advisories@github.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-364xx/CVE-2023-36475.json
+++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36475.json
@ -0,0 +1,79 @@
+{
+  "id": "CVE-2023-36475",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2023-06-28T23:15:21.140",
+  "lastModified": "2023-06-28T23:15:21.140",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and 6.2.1."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-advisories@github.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-advisories@github.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-1321"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/parse-community/parse-server/commit/3dd99dd80e27e5e1d99b42844180546d90c7aa90",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/parse-community/parse-server/commit/5fad2928fb8ee17304abcdcf259932f827d8c81f",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/parse-community/parse-server/issues/8674",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/parse-community/parse-server/issues/8675",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/parse-community/parse-server/releases/tag/5.5.2",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/parse-community/parse-server/releases/tag/6.2.1",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6",
+      "source": "security-advisories@github.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-06-28T22:00:31.924409+00:00
+2023-06-28T23:55:26.300084+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-06-28T21:15:10.517000+00:00
+2023-06-28T23:15:21.140000+00:00
 ```

 ### Last Data Feed Release
@ -29,68 +29,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-218841
+218848
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `24`
+Recently added CVEs: `7`

-* [CVE-2021-25827](CVE-2021/CVE-2021-258xx/CVE-2021-25827.json) (`2023-06-28T20:15:09.397`)
-* [CVE-2021-25828](CVE-2021/CVE-2021-258xx/CVE-2021-25828.json) (`2023-06-28T20:15:09.453`)
-* [CVE-2022-4143](CVE-2022/CVE-2022-41xx/CVE-2022-4143.json) (`2023-06-28T21:15:09.290`)
-* [CVE-2023-33570](CVE-2023/CVE-2023-335xx/CVE-2023-33570.json) (`2023-06-28T20:15:09.540`)
-* [CVE-2023-33592](CVE-2023/CVE-2023-335xx/CVE-2023-33592.json) (`2023-06-28T20:15:09.593`)
-* [CVE-2023-34761](CVE-2023/CVE-2023-347xx/CVE-2023-34761.json) (`2023-06-28T20:15:09.647`)
-* [CVE-2023-3090](CVE-2023/CVE-2023-30xx/CVE-2023-3090.json) (`2023-06-28T20:15:09.693`)
-* [CVE-2023-3389](CVE-2023/CVE-2023-33xx/CVE-2023-3389.json) (`2023-06-28T20:15:09.773`)
-* [CVE-2023-21512](CVE-2023/CVE-2023-215xx/CVE-2023-21512.json) (`2023-06-28T21:15:09.373`)
-* [CVE-2023-21513](CVE-2023/CVE-2023-215xx/CVE-2023-21513.json) (`2023-06-28T21:15:09.467`)
-* [CVE-2023-21517](CVE-2023/CVE-2023-215xx/CVE-2023-21517.json) (`2023-06-28T21:15:09.557`)
-* [CVE-2023-21518](CVE-2023/CVE-2023-215xx/CVE-2023-21518.json) (`2023-06-28T21:15:09.623`)
-* [CVE-2023-2232](CVE-2023/CVE-2023-22xx/CVE-2023-2232.json) (`2023-06-28T21:15:09.707`)
-* [CVE-2023-32222](CVE-2023/CVE-2023-322xx/CVE-2023-32222.json) (`2023-06-28T21:15:09.877`)
-* [CVE-2023-32223](CVE-2023/CVE-2023-322xx/CVE-2023-32223.json) (`2023-06-28T21:15:09.940`)
-* [CVE-2023-32224](CVE-2023/CVE-2023-322xx/CVE-2023-32224.json) (`2023-06-28T21:15:10.000`)
-* [CVE-2023-34650](CVE-2023/CVE-2023-346xx/CVE-2023-34650.json) (`2023-06-28T21:15:10.067`)
-* [CVE-2023-34651](CVE-2023/CVE-2023-346xx/CVE-2023-34651.json) (`2023-06-28T21:15:10.117`)
-* [CVE-2023-34652](CVE-2023/CVE-2023-346xx/CVE-2023-34652.json) (`2023-06-28T21:15:10.167`)
-* [CVE-2023-3138](CVE-2023/CVE-2023-31xx/CVE-2023-3138.json) (`2023-06-28T21:15:10.247`)
-* [CVE-2023-3243](CVE-2023/CVE-2023-32xx/CVE-2023-3243.json) (`2023-06-28T21:15:10.310`)
-* [CVE-2023-3355](CVE-2023/CVE-2023-33xx/CVE-2023-3355.json) (`2023-06-28T21:15:10.383`)
-* [CVE-2023-3390](CVE-2023/CVE-2023-33xx/CVE-2023-3390.json) (`2023-06-28T21:15:10.447`)
-* [CVE-2023-3439](CVE-2023/CVE-2023-34xx/CVE-2023-3439.json) (`2023-06-28T21:15:10.517`)
+* [CVE-2023-34647](CVE-2023/CVE-2023-346xx/CVE-2023-34647.json) (`2023-06-28T22:15:09.397`)
+* [CVE-2023-34736](CVE-2023/CVE-2023-347xx/CVE-2023-34736.json) (`2023-06-28T22:15:09.450`)
+* [CVE-2023-36474](CVE-2023/CVE-2023-364xx/CVE-2023-36474.json) (`2023-06-28T22:15:09.503`)
+* [CVE-2023-3357](CVE-2023/CVE-2023-33xx/CVE-2023-3357.json) (`2023-06-28T22:15:09.587`)
+* [CVE-2023-3358](CVE-2023/CVE-2023-33xx/CVE-2023-3358.json) (`2023-06-28T22:15:09.647`)
+* [CVE-2023-3359](CVE-2023/CVE-2023-33xx/CVE-2023-3359.json) (`2023-06-28T22:15:09.707`)
+* [CVE-2023-36475](CVE-2023/CVE-2023-364xx/CVE-2023-36475.json) (`2023-06-28T23:15:21.140`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `40`
+Recently modified CVEs: `1`

-* [CVE-2022-29488](CVE-2022/CVE-2022-294xx/CVE-2022-29488.json) (`2023-06-28T20:30:36.683`)
-* [CVE-2022-29465](CVE-2022/CVE-2022-294xx/CVE-2022-29465.json) (`2023-06-28T20:30:42.897`)
-* [CVE-2022-28753](CVE-2022/CVE-2022-287xx/CVE-2022-28753.json) (`2023-06-28T20:31:36.900`)
-* [CVE-2022-28754](CVE-2022/CVE-2022-287xx/CVE-2022-28754.json) (`2023-06-28T20:31:41.617`)
-* [CVE-2022-2845](CVE-2022/CVE-2022-28xx/CVE-2022-2845.json) (`2023-06-28T20:31:49.540`)
-* [CVE-2022-2961](CVE-2022/CVE-2022-29xx/CVE-2022-2961.json) (`2023-06-28T20:34:05.737`)
-* [CVE-2022-29520](CVE-2022/CVE-2022-295xx/CVE-2022-29520.json) (`2023-06-28T20:35:06.567`)
-* [CVE-2022-2896](CVE-2022/CVE-2022-28xx/CVE-2022-2896.json) (`2023-06-28T20:35:11.943`)
-* [CVE-2022-29490](CVE-2022/CVE-2022-294xx/CVE-2022-29490.json) (`2023-06-28T20:35:21.053`)
-* [CVE-2022-29503](CVE-2022/CVE-2022-295xx/CVE-2022-29503.json) (`2023-06-28T20:35:33.727`)
-* [CVE-2022-30745](CVE-2022/CVE-2022-307xx/CVE-2022-30745.json) (`2023-06-28T20:36:25.107`)
-* [CVE-2022-30731](CVE-2022/CVE-2022-307xx/CVE-2022-30731.json) (`2023-06-28T20:36:29.950`)
-* [CVE-2022-30730](CVE-2022/CVE-2022-307xx/CVE-2022-30730.json) (`2023-06-28T20:36:53.570`)
-* [CVE-2022-30715](CVE-2022/CVE-2022-307xx/CVE-2022-30715.json) (`2023-06-28T20:37:00.590`)
-* [CVE-2022-30540](CVE-2022/CVE-2022-305xx/CVE-2022-30540.json) (`2023-06-28T20:40:18.737`)
-* [CVE-2022-29886](CVE-2022/CVE-2022-298xx/CVE-2022-29886.json) (`2023-06-28T20:40:22.530`)
-* [CVE-2022-29883](CVE-2022/CVE-2022-298xx/CVE-2022-29883.json) (`2023-06-28T20:40:35.943`)
-* [CVE-2022-29816](CVE-2022/CVE-2022-298xx/CVE-2022-29816.json) (`2023-06-28T20:40:46.247`)
-* [CVE-2022-2962](CVE-2022/CVE-2022-29xx/CVE-2022-2962.json) (`2023-06-28T20:40:49.643`)
-* [CVE-2023-30082](CVE-2023/CVE-2023-300xx/CVE-2023-30082.json) (`2023-06-28T20:31:58.943`)
-* [CVE-2023-34449](CVE-2023/CVE-2023-344xx/CVE-2023-34449.json) (`2023-06-28T20:46:30.513`)
-* [CVE-2023-20893](CVE-2023/CVE-2023-208xx/CVE-2023-20893.json) (`2023-06-28T20:54:28.657`)
-* [CVE-2023-35093](CVE-2023/CVE-2023-350xx/CVE-2023-35093.json) (`2023-06-28T20:56:38.603`)
-* [CVE-2023-31867](CVE-2023/CVE-2023-318xx/CVE-2023-31867.json) (`2023-06-28T21:01:58.960`)
-* [CVE-2023-2235](CVE-2023/CVE-2023-22xx/CVE-2023-2235.json) (`2023-06-28T21:15:09.777`)
+* [CVE-2023-3389](CVE-2023/CVE-2023-33xx/CVE-2023-3389.json) (`2023-06-28T22:15:09.763`)


 ## Download and Usage