From 1e917686a57ed155b19ecc3e2fcde4625acc05d0 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sat, 30 Sep 2023 22:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-09-30T22:00:24.702429+00:00 --- CVE-2022/CVE-2022-471xx/CVE-2022-47185.json | 6 ++- CVE-2023/CVE-2023-323xx/CVE-2023-32360.json | 6 ++- CVE-2023/CVE-2023-339xx/CVE-2023-33934.json | 6 ++- CVE-2023/CVE-2023-437xx/CVE-2023-43712.json | 59 +++++++++++++++++++++ CVE-2023/CVE-2023-437xx/CVE-2023-43713.json | 59 +++++++++++++++++++++ CVE-2023/CVE-2023-437xx/CVE-2023-43714.json | 59 +++++++++++++++++++++ CVE-2023/CVE-2023-437xx/CVE-2023-43715.json | 59 +++++++++++++++++++++ CVE-2023/CVE-2023-437xx/CVE-2023-43716.json | 59 +++++++++++++++++++++ CVE-2023/CVE-2023-444xx/CVE-2023-44488.json | 32 +++++++++++ CVE-2023/CVE-2023-45xx/CVE-2023-4504.json | 6 ++- CVE-2023/CVE-2023-52xx/CVE-2023-5217.json | 14 ++++- README.md | 22 +++++--- 12 files changed, 376 insertions(+), 11 deletions(-) create mode 100644 CVE-2023/CVE-2023-437xx/CVE-2023-43712.json create mode 100644 CVE-2023/CVE-2023-437xx/CVE-2023-43713.json create mode 100644 CVE-2023/CVE-2023-437xx/CVE-2023-43714.json create mode 100644 CVE-2023/CVE-2023-437xx/CVE-2023-43715.json create mode 100644 CVE-2023/CVE-2023-437xx/CVE-2023-43716.json create mode 100644 CVE-2023/CVE-2023-444xx/CVE-2023-44488.json diff --git a/CVE-2022/CVE-2022-471xx/CVE-2022-47185.json b/CVE-2022/CVE-2022-471xx/CVE-2022-47185.json index a9e71e64122..5a1b8e9c0a8 100644 --- a/CVE-2022/CVE-2022-471xx/CVE-2022-47185.json +++ b/CVE-2022/CVE-2022-471xx/CVE-2022-47185.json @@ -2,7 +2,7 @@ "id": "CVE-2022-47185", "sourceIdentifier": "security@apache.org", "published": "2023-08-09T07:15:09.930", - "lastModified": "2023-08-18T04:15:17.607", + "lastModified": "2023-09-30T21:15:09.653", "vulnStatus": "Modified", "descriptions": [ { @@ -91,6 +91,10 @@ "Vendor Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00042.html", + "source": "security@apache.org" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BOTOM2MFKOLK46Q3BQHO662HTPZFRQUC/", "source": "security@apache.org" diff --git a/CVE-2023/CVE-2023-323xx/CVE-2023-32360.json b/CVE-2023/CVE-2023-323xx/CVE-2023-32360.json index db4ca4d56b8..5740193a38f 100644 --- a/CVE-2023/CVE-2023-323xx/CVE-2023-32360.json +++ b/CVE-2023/CVE-2023-323xx/CVE-2023-32360.json @@ -2,7 +2,7 @@ "id": "CVE-2023-32360", "sourceIdentifier": "product-security@apple.com", "published": "2023-06-23T18:15:11.647", - "lastModified": "2023-07-27T04:15:23.663", + "lastModified": "2023-09-30T20:15:10.103", "vulnStatus": "Modified", "descriptions": [ { @@ -80,6 +80,10 @@ } ], "references": [ + { + "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html", + "source": "product-security@apple.com" + }, { "url": "https://support.apple.com/en-us/HT213758", "source": "product-security@apple.com", diff --git a/CVE-2023/CVE-2023-339xx/CVE-2023-33934.json b/CVE-2023/CVE-2023-339xx/CVE-2023-33934.json index ef397c3a75f..3de21627da6 100644 --- a/CVE-2023/CVE-2023-339xx/CVE-2023-33934.json +++ b/CVE-2023/CVE-2023-339xx/CVE-2023-33934.json @@ -2,7 +2,7 @@ "id": "CVE-2023-33934", "sourceIdentifier": "security@apache.org", "published": "2023-08-09T07:15:10.297", - "lastModified": "2023-09-28T09:15:12.597", + "lastModified": "2023-09-30T21:15:09.760", "vulnStatus": "Modified", "descriptions": [ { @@ -91,6 +91,10 @@ "Vendor Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00042.html", + "source": "security@apache.org" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BOTOM2MFKOLK46Q3BQHO662HTPZFRQUC/", "source": "security@apache.org" diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43712.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43712.json new file mode 100644 index 00000000000..b7fc6fa1e0f --- /dev/null +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43712.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-43712", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2023-09-30T21:15:09.850", + "lastModified": "2023-09-30T21:15:09.850", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"access_levels_name\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/bts/", + "source": "help@fluidattacks.com" + }, + { + "url": "https://www.oscommerce.com/", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43713.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43713.json new file mode 100644 index 00000000000..6ce75e3b2bd --- /dev/null +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43713.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-43713", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2023-09-30T21:15:09.947", + "lastModified": "2023-09-30T21:15:09.947", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability,\nwhich allows attackers to inject JS via the \"title\" parameter, in the \"/admin/admin-menu/add-submit\"\nendpoint, which can lead to unauthorized execution of scripts in a user's web browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/bts/", + "source": "help@fluidattacks.com" + }, + { + "url": "https://www.oscommerce.com/", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43714.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43714.json new file mode 100644 index 00000000000..dc47f2a6cfd --- /dev/null +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43714.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-43714", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2023-09-30T21:15:10.010", + "lastModified": "2023-09-30T21:15:10.010", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"SKIP_CART_PAGE_TITLE[1]\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/bts/", + "source": "help@fluidattacks.com" + }, + { + "url": "https://www.oscommerce.com/", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43715.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43715.json new file mode 100644 index 00000000000..827846aab3e --- /dev/null +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43715.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-43715", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2023-09-30T21:15:10.077", + "lastModified": "2023-09-30T21:15:10.077", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"ENTRY_FIRST_NAME_MIN_LENGTH_TITLE[1]\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/bts/", + "source": "help@fluidattacks.com" + }, + { + "url": "https://www.oscommerce.com/", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43716.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43716.json new file mode 100644 index 00000000000..38cf29a4b97 --- /dev/null +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43716.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-43716", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2023-09-30T21:15:10.140", + "lastModified": "2023-09-30T21:15:10.140", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the \"MAX_DISPLAY_NEW_PRODUCTS_TITLE[1]\" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/bts/", + "source": "help@fluidattacks.com" + }, + { + "url": "https://www.oscommerce.com/", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44488.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44488.json new file mode 100644 index 00000000000..8ae33214d56 --- /dev/null +++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44488.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-44488", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-30T20:15:10.200", + "lastModified": "2023-09-30T20:15:10.200", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/webmproject/libvpx/compare/v1.13.0...v1.13.1", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/webmproject/libvpx/releases/tag/v1.13.1", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4504.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4504.json index 7b7b59162cf..4810bc50565 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4504.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4504.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4504", "sourceIdentifier": "cve@takeonme.org", "published": "2023-09-21T23:15:12.293", - "lastModified": "2023-09-29T02:15:50.637", + "lastModified": "2023-09-30T20:15:10.257", "vulnStatus": "Modified", "descriptions": [ { @@ -107,6 +107,10 @@ "Vendor Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00041.html", + "source": "cve@takeonme.org" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WHEJIYMMAIXU2EC35MGTB5LGGO2FFJE/", "source": "cve@takeonme.org" diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json index 8921f3a4067..8c4f07759f2 100644 --- a/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json +++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json @@ -2,7 +2,7 @@ "id": "CVE-2023-5217", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-09-28T16:15:10.980", - "lastModified": "2023-09-30T19:15:12.517", + "lastModified": "2023-09-30T21:15:10.203", "vulnStatus": "Modified", "descriptions": [ { @@ -163,6 +163,14 @@ "url": "http://www.openwall.com/lists/oss-security/2023/09/30/1", "source": "chrome-cve-admin@google.com" }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/30/2", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/30/3", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/", "source": "chrome-cve-admin@google.com" @@ -194,6 +202,10 @@ "url": "https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://github.com/webmproject/libvpx/releases/tag/v1.13.1", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://github.com/webmproject/libvpx/tags", "source": "chrome-cve-admin@google.com" diff --git a/README.md b/README.md index d470cd24f1b..65a2778784e 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-30T20:00:25.136677+00:00 +2023-09-30T22:00:24.702429+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-30T19:15:12.517000+00:00 +2023-09-30T21:15:10.203000+00:00 ``` ### Last Data Feed Release @@ -29,20 +29,30 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -226666 +226672 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `6` +* [CVE-2023-44488](CVE-2023/CVE-2023-444xx/CVE-2023-44488.json) (`2023-09-30T20:15:10.200`) +* [CVE-2023-43712](CVE-2023/CVE-2023-437xx/CVE-2023-43712.json) (`2023-09-30T21:15:09.850`) +* [CVE-2023-43713](CVE-2023/CVE-2023-437xx/CVE-2023-43713.json) (`2023-09-30T21:15:09.947`) +* [CVE-2023-43714](CVE-2023/CVE-2023-437xx/CVE-2023-43714.json) (`2023-09-30T21:15:10.010`) +* [CVE-2023-43715](CVE-2023/CVE-2023-437xx/CVE-2023-43715.json) (`2023-09-30T21:15:10.077`) +* [CVE-2023-43716](CVE-2023/CVE-2023-437xx/CVE-2023-43716.json) (`2023-09-30T21:15:10.140`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `5` -* [CVE-2023-5217](CVE-2023/CVE-2023-52xx/CVE-2023-5217.json) (`2023-09-30T19:15:12.517`) +* [CVE-2022-47185](CVE-2022/CVE-2022-471xx/CVE-2022-47185.json) (`2023-09-30T21:15:09.653`) +* [CVE-2023-32360](CVE-2023/CVE-2023-323xx/CVE-2023-32360.json) (`2023-09-30T20:15:10.103`) +* [CVE-2023-4504](CVE-2023/CVE-2023-45xx/CVE-2023-4504.json) (`2023-09-30T20:15:10.257`) +* [CVE-2023-33934](CVE-2023/CVE-2023-339xx/CVE-2023-33934.json) (`2023-09-30T21:15:09.760`) +* [CVE-2023-5217](CVE-2023/CVE-2023-52xx/CVE-2023-5217.json) (`2023-09-30T21:15:10.203`) ## Download and Usage