Auto-Update: 2023-12-05T11:00:17.638302+00:00

2025-05-08 19:47:09 +00:00 · 2023-12-05 11:00:21 +00:00 · 2023-12-05 11:00:21 +00:00 · 1f7d7b7690
commit 1f7d7b7690
parent 754867b8c0
5 changed files with 57 additions and 36 deletions
--- a/CVE-2021/CVE-2021-392xx/CVE-2021-39236.json
+++ b/CVE-2021/CVE-2021-392xx/CVE-2021-39236.json
@ -2,8 +2,8 @@
  "id": "CVE-2021-39236",
  "sourceIdentifier": "security@apache.org",
  "published": "2021-11-19T10:15:08.347",
-  "lastModified": "2023-11-13T12:15:07.537",
-  "vulnStatus": "Modified",
+  "lastModified": "2023-12-05T10:15:07.490",
+  "vulnStatus": "Undergoing Analysis",
  "descriptions": [
    {
      "lang": "en",
@ -65,7 +65,7 @@
  },
  "weaknesses": [
    {
-      "source": "nvd@nist.gov",
+      "source": "security@apache.org",
      "type": "Primary",
      "description": [
        {
@ -75,12 +75,12 @@
      ]
    },
    {
-      "source": "security@apache.org",
+      "source": "nvd@nist.gov",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
-          "value": "CWE-863"
+          "value": "CWE-862"
        }
      ]
    }
--- a/CVE-2023/CVE-2023-418xx/CVE-2023-41835.json
+++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41835.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-41835",
+  "sourceIdentifier": "security@apache.org",
+  "published": "2023-12-05T09:15:07.093",
+  "lastModified": "2023-12-05T09:15:07.093",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "When a Multipart request is performed but some of the fields exceed the maxStringLength\u00a0 limit, the upload files will remain in struts.multipart.saveDir\u00a0 even if the request has been denied.\nUsers are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@apache.org",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-913"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft",
+      "source": "security@apache.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-443xx/CVE-2023-44330.json
+++ b/CVE-2023/CVE-2023-443xx/CVE-2023-44330.json
@ -2,12 +2,12 @@
  "id": "CVE-2023-44330",
  "sourceIdentifier": "psirt@adobe.com",
  "published": "2023-11-16T15:15:08.683",
-  "lastModified": "2023-11-20T19:16:31.177",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-12-05T09:15:07.197",
+  "vulnStatus": "Undergoing Analysis",
  "descriptions": [
    {
      "lang": "en",
-      "value": "Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
+      "value": "Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
    },
    {
      "lang": "es",
@ -18,7 +18,7 @@
    "cvssMetricV31": [
      {
        "source": "psirt@adobe.com",
-        "type": "Secondary",
+        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
--- a/CVE-2023/CVE-2023-465xx/CVE-2023-46589.json
+++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46589.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-46589",
  "sourceIdentifier": "security@apache.org",
  "published": "2023-11-28T16:15:06.943",
-  "lastModified": "2023-12-04T19:11:01.663",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-12-05T10:15:07.960",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
@ -55,7 +55,7 @@
      "description": [
        {
          "lang": "en",
-          "value": "CWE-20"
+          "value": "CWE-444"
        }
      ]
    }
@ -144,14 +144,6 @@
    }
  ],
  "references": [
-    {
-      "url": "http://www.openwall.com/lists/oss-security/2023/11/28/2",
-      "source": "security@apache.org",
-      "tags": [
-        "Mailing List",
-        "Third Party Advisory"
-      ]
-    },
    {
      "url": "https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr",
      "source": "security@apache.org",
@ -159,6 +151,10 @@
        "Mailing List",
        "Vendor Advisory"
      ]
+    },
+    {
+      "url": "https://www.openwall.com/lists/oss-security/2023/11/28/2",
+      "source": "security@apache.org"
    }
  ]
 }
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-12-05T09:00:18.398362+00:00
+2023-12-05T11:00:17.638302+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-12-05T08:15:08.020000+00:00
+2023-12-05T10:15:07.960000+00:00
 ```

 ### Last Data Feed Release
@ -29,30 +29,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-232324
+232325
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `4`
+Recently added CVEs: `1`

-* [CVE-2023-43472](CVE-2023/CVE-2023-434xx/CVE-2023-43472.json) (`2023-12-05T07:15:07.667`)
-* [CVE-2023-49070](CVE-2023/CVE-2023-490xx/CVE-2023-49070.json) (`2023-12-05T08:15:07.443`)
-* [CVE-2023-5188](CVE-2023/CVE-2023-51xx/CVE-2023-5188.json) (`2023-12-05T08:15:07.690`)
-* [CVE-2023-6269](CVE-2023/CVE-2023-62xx/CVE-2023-6269.json) (`2023-12-05T08:15:08.020`)
+* [CVE-2023-41835](CVE-2023/CVE-2023-418xx/CVE-2023-41835.json) (`2023-12-05T09:15:07.093`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `7`
+Recently modified CVEs: `3`

-* [CVE-2023-48893](CVE-2023/CVE-2023-488xx/CVE-2023-48893.json) (`2023-12-05T07:15:07.980`)
-* [CVE-2023-4662](CVE-2023/CVE-2023-46xx/CVE-2023-4662.json) (`2023-12-05T07:15:08.223`)
-* [CVE-2023-5921](CVE-2023/CVE-2023-59xx/CVE-2023-5921.json) (`2023-12-05T07:15:09.270`)
-* [CVE-2023-5983](CVE-2023/CVE-2023-59xx/CVE-2023-5983.json) (`2023-12-05T07:15:10.020`)
-* [CVE-2023-6150](CVE-2023/CVE-2023-61xx/CVE-2023-6150.json) (`2023-12-05T07:15:10.570`)
-* [CVE-2023-6151](CVE-2023/CVE-2023-61xx/CVE-2023-6151.json) (`2023-12-05T07:15:11.207`)
-* [CVE-2023-6201](CVE-2023/CVE-2023-62xx/CVE-2023-6201.json) (`2023-12-05T07:15:11.860`)
+* [CVE-2021-39236](CVE-2021/CVE-2021-392xx/CVE-2021-39236.json) (`2023-12-05T10:15:07.490`)
+* [CVE-2023-44330](CVE-2023/CVE-2023-443xx/CVE-2023-44330.json) (`2023-12-05T09:15:07.197`)
+* [CVE-2023-46589](CVE-2023/CVE-2023-465xx/CVE-2023-46589.json) (`2023-12-05T10:15:07.960`)


 ## Download and Usage