Auto-Update: 2023-10-16T02:00:26.532365+00:00

2025-05-07 11:07:05 +00:00 · 2023-10-16 02:00:30 +00:00 · 2023-10-16 02:00:30 +00:00 · 234b7d9f22
commit 234b7d9f22
parent c471a73b3b
7 changed files with 326 additions and 9 deletions
--- a/CVE-2022/CVE-2022-486xx/CVE-2022-48612.json
+++ b/CVE-2022/CVE-2022-486xx/CVE-2022-48612.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2022-48612",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-10-16T00:15:10.350",
+  "lastModified": "2023-10-16T00:15:10.350",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression (validating whether a URL is controlled by ClassLink) is not present in all applicable places."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://blog.zerdle.net/classlink/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-338xx/CVE-2023-33836.json
+++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33836.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-33836",
+  "sourceIdentifier": "psirt@us.ibm.com",
+  "published": "2023-10-16T01:15:09.670",
+  "lastModified": "2023-10-16T01:15:09.670",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.  IBM X-Force ID:  256016."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@us.ibm.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "ADJACENT_NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.6,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@us.ibm.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-798"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/256016",
+      "source": "psirt@us.ibm.com"
+    },
+    {
+      "url": "https://www.ibm.com/support/pages/node/7047640",
+      "source": "psirt@us.ibm.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-350xx/CVE-2023-35013.json
+++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35013.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-35013",
+  "sourceIdentifier": "psirt@us.ibm.com",
+  "published": "2023-10-16T00:15:10.420",
+  "lastModified": "2023-10-16T00:15:10.420",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code.  IBM X-Force ID:  257769."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@us.ibm.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 2.3,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 0.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@us.ibm.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-540"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257769",
+      "source": "psirt@us.ibm.com"
+    },
+    {
+      "url": "https://www.ibm.com/support/pages/node/7050358",
+      "source": "psirt@us.ibm.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-350xx/CVE-2023-35018.json
+++ b/CVE-2023/CVE-2023-350xx/CVE-2023-35018.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-35018",
+  "sourceIdentifier": "psirt@us.ibm.com",
+  "published": "2023-10-16T00:15:10.510",
+  "lastModified": "2023-10-16T00:15:10.510",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validation.  IBM X-Force ID:  259382."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@us.ibm.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 3.3,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 0.7,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@us.ibm.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-434"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/259382",
+      "source": "psirt@us.ibm.com"
+    },
+    {
+      "url": "https://www.ibm.com/support/pages/node/7050358",
+      "source": "psirt@us.ibm.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-403xx/CVE-2023-40377.json
+++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40377.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-40377",
+  "sourceIdentifier": "psirt@us.ibm.com",
+  "published": "2023-10-16T01:15:09.760",
+  "lastModified": "2023-10-16T01:15:09.760",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Backup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7.4 contains a local privilege escalation vulnerability.  A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system.  IBM X-Force ID:  263583."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@us.ibm.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "LOCAL",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 4.9,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.4,
+        "impactScore": 3.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@us.ibm.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-269"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/263583",
+      "source": "psirt@us.ibm.com"
+    },
+    {
+      "url": "https://www.ibm.com/support/pages/node/7048121",
+      "source": "psirt@us.ibm.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-55xx/CVE-2023-5591.json
+++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5591.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-5591",
+  "sourceIdentifier": "security@huntr.dev",
+  "published": "2023-10-16T01:15:09.857",
+  "lastModified": "2023-10-16T01:15:09.857",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": " SQL Injection in GitHub repository librenms/librenms prior to 23.10.0."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "security@huntr.dev",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@huntr.dev",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/librenms/librenms/commit/908aef65967ce6184bdc587fd105660d5d55129e",
+      "source": "security@huntr.dev"
+    },
+    {
+      "url": "https://huntr.dev/bounties/54813d42-5b93-440e-b9b1-c179d2cbf090",
+      "source": "security@huntr.dev"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-10-15T23:55:24.582019+00:00
+2023-10-16T02:00:26.532365+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-10-15T23:15:44.857000+00:00
+2023-10-16T01:15:09.857000+00:00
 ```

 ### Last Data Feed Release
@ -23,23 +23,25 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2023-10-15T00:00:13.565697+00:00
+2023-10-16T00:00:13.560662+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-227823
+227829
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `4`
+Recently added CVEs: `6`

-* [CVE-2023-5587](CVE-2023/CVE-2023-55xx/CVE-2023-5587.json) (`2023-10-15T22:15:15.583`)
-* [CVE-2023-5588](CVE-2023/CVE-2023-55xx/CVE-2023-5588.json) (`2023-10-15T22:15:15.703`)
-* [CVE-2023-5589](CVE-2023/CVE-2023-55xx/CVE-2023-5589.json) (`2023-10-15T23:15:44.777`)
-* [CVE-2023-5590](CVE-2023/CVE-2023-55xx/CVE-2023-5590.json) (`2023-10-15T23:15:44.857`)
+* [CVE-2022-48612](CVE-2022/CVE-2022-486xx/CVE-2022-48612.json) (`2023-10-16T00:15:10.350`)
+* [CVE-2023-35013](CVE-2023/CVE-2023-350xx/CVE-2023-35013.json) (`2023-10-16T00:15:10.420`)
+* [CVE-2023-35018](CVE-2023/CVE-2023-350xx/CVE-2023-35018.json) (`2023-10-16T00:15:10.510`)
+* [CVE-2023-33836](CVE-2023/CVE-2023-338xx/CVE-2023-33836.json) (`2023-10-16T01:15:09.670`)
+* [CVE-2023-40377](CVE-2023/CVE-2023-403xx/CVE-2023-40377.json) (`2023-10-16T01:15:09.760`)
+* [CVE-2023-5591](CVE-2023/CVE-2023-55xx/CVE-2023-5591.json) (`2023-10-16T01:15:09.857`)


 ### CVEs modified in the last Commit