From 397c31eb9d64dec162f9215425a66ade9cc8f89b Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sat, 23 Dec 2023 15:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-12-23T15:00:24.463428+00:00 --- CVE-2023/CVE-2023-70xx/CVE-2023-7008.json | 67 +++++++++++++++++++++++ README.md | 19 ++----- 2 files changed, 73 insertions(+), 13 deletions(-) create mode 100644 CVE-2023/CVE-2023-70xx/CVE-2023-7008.json diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7008.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7008.json new file mode 100644 index 00000000000..159840e6a2d --- /dev/null +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7008.json @@ -0,0 +1,67 @@ +{ + "id": "CVE-2023-7008", + "sourceIdentifier": "secalert@redhat.com", + "published": "2023-12-23T13:15:07.573", + "lastModified": "2023-12-23T13:15:07.573", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-300" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-7008", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222261", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2222672", + "source": "secalert@redhat.com" + }, + { + "url": "https://github.com/systemd/systemd/issues/25676", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 13947aa1a11..a9a219a4938 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-23T13:00:24.462433+00:00 +2023-12-23T15:00:24.463428+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-23T12:15:21.383000+00:00 +2023-12-23T13:15:07.573000+00:00 ``` ### Last Data Feed Release @@ -29,27 +29,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -234145 +234146 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `1` +* [CVE-2023-7008](CVE-2023/CVE-2023-70xx/CVE-2023-7008.json) (`2023-12-23T13:15:07.573`) ### CVEs modified in the last Commit -Recently modified CVEs: `8` +Recently modified CVEs: `0` -* [CVE-2021-33815](CVE-2021/CVE-2021-338xx/CVE-2021-33815.json) (`2023-12-23T12:15:20.680`) -* [CVE-2021-38171](CVE-2021/CVE-2021-381xx/CVE-2021-38171.json) (`2023-12-23T12:15:20.813`) -* [CVE-2021-38291](CVE-2021/CVE-2021-382xx/CVE-2021-38291.json) (`2023-12-23T12:15:20.927`) -* [CVE-2022-1475](CVE-2022/CVE-2022-14xx/CVE-2022-1475.json) (`2023-12-23T12:15:21.027`) -* [CVE-2022-3964](CVE-2022/CVE-2022-39xx/CVE-2022-3964.json) (`2023-12-23T12:15:21.140`) -* [CVE-2022-3965](CVE-2022/CVE-2022-39xx/CVE-2022-3965.json) (`2023-12-23T12:15:21.277`) -* [CVE-2022-48434](CVE-2022/CVE-2022-484xx/CVE-2022-48434.json) (`2023-12-23T12:15:21.383`) -* [CVE-2023-3515](CVE-2023/CVE-2023-35xx/CVE-2023-3515.json) (`2023-12-23T11:15:07.817`) ## Download and Usage