Auto-Update: 2024-01-02T11:00:24.987551+00:00

2025-05-08 19:47:09 +00:00 · 2024-01-02 11:00:28 +00:00 · 2024-01-02 11:00:28 +00:00 · 3bcfab91cb
commit 3bcfab91cb
parent ec317e36db
9 changed files with 257 additions and 22 deletions
--- a/CVE-2023/CVE-2023-478xx/CVE-2023-47858.json
+++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47858.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-47858",
+  "sourceIdentifier": "responsibledisclosure@mattermost.com",
+  "published": "2024-01-02T10:15:08.117",
+  "lastModified": "2024-01-02T10:15:08.117",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Mattermost fails to properly verify the permissions needed for viewing archived public channels,\u00a0\u00a0allowing a member of one team to get details about the archived public channels of another team via the\u00a0GET /api/v4/teams/<team-id>/channels/deleted endpoint.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "responsibledisclosure@mattermost.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "responsibledisclosure@mattermost.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-284"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://mattermost.com/security-updates",
+      "source": "responsibledisclosure@mattermost.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-487xx/CVE-2023-48732.json
+++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48732.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-48732",
+  "sourceIdentifier": "responsibledisclosure@mattermost.com",
+  "published": "2024-01-02T10:15:08.487",
+  "lastModified": "2024-01-02T10:15:08.487",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Mattermost fails to scope the WebSocket response around notified users\u00a0to a each user separately resulting in the\u00a0WebSocket broadcasting the information about who was notified about a post to everyone else in the channel.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "responsibledisclosure@mattermost.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "responsibledisclosure@mattermost.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-200"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://mattermost.com/security-updates",
+      "source": "responsibledisclosure@mattermost.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-503xx/CVE-2023-50333.json
+++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50333.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-50333",
+  "sourceIdentifier": "responsibledisclosure@mattermost.com",
+  "published": "2024-01-02T10:15:08.723",
+  "lastModified": "2024-01-02T10:15:08.723",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Mattermost fails to update the permissions of the current session for a user who was just demoted to guest, allowing\u00a0freshly demoted guests to change group names.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "responsibledisclosure@mattermost.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 3.7,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "responsibledisclosure@mattermost.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-284"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://mattermost.com/security-updates",
+      "source": "responsibledisclosure@mattermost.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-60xx/CVE-2023-6051.json
+++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6051.json
@ -2,12 +2,12 @@
  "id": "CVE-2023-6051",
  "sourceIdentifier": "cve@gitlab.com",
  "published": "2023-12-15T16:15:46.490",
-  "lastModified": "2023-12-19T20:46:20.970",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-01-02T09:15:07.310",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
-      "value": "An issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 15.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when source code or installation packages are pulled from a specific tag."
+      "value": "An issue has been discovered in GitLab CE/EE affecting all versions before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when source code or installation packages are pulled from a specific tag."
    },
    {
      "lang": "es",
--- a/CVE-2023/CVE-2023-62xx/CVE-2023-6277.json
+++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6277.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-6277",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2023-11-24T19:15:07.643",
-  "lastModified": "2023-11-30T20:05:33.610",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-01-02T09:15:07.500",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
@ -41,19 +41,19 @@
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
-          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
-          "userInteraction": "NONE",
+          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
-          "baseScore": 7.5,
-          "baseSeverity": "HIGH"
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
        },
-        "exploitabilityScore": 3.9,
+        "exploitabilityScore": 2.8,
        "impactScore": 3.6
      }
    ]
--- a/CVE-2023/CVE-2023-66xx/CVE-2023-6693.json
+++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6693.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-6693",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2024-01-02T10:15:08.930",
+  "lastModified": "2024-01-02T10:15:08.930",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "secalert@redhat.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "LOCAL",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 4.9,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.4,
+        "impactScore": 3.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "secalert@redhat.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-121"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://access.redhat.com/security/cve/CVE-2023-6693",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254580",
+      "source": "secalert@redhat.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-71xx/CVE-2023-7172.json
+++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7172.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-7172",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2023-12-30T09:15:07.953",
-  "lastModified": "2024-01-01T02:12:45.130",
+  "lastModified": "2024-01-02T10:15:09.137",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
@ -76,6 +76,10 @@
      "url": "https://drive.google.com/file/d/11DHRUjvOF0yV24I4JlZ0X1RE4V-mcood/view?usp=sharing",
      "source": "cna@vuldb.com"
    },
+    {
+      "url": "https://github.com/sharathc213/CVE-2023-7172",
+      "source": "cna@vuldb.com"
+    },
    {
      "url": "https://vuldb.com/?ctiid.249356",
      "source": "cna@vuldb.com"
--- a/CVE-2023/CVE-2023-71xx/CVE-2023-7173.json
+++ b/CVE-2023/CVE-2023-71xx/CVE-2023-7173.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-7173",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2023-12-30T12:15:44.680",
-  "lastModified": "2024-01-01T02:12:45.130",
+  "lastModified": "2024-01-02T10:15:09.250",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
@ -76,6 +76,10 @@
      "url": "https://drive.google.com/file/d/1Mqs0mmxxmKLrFLHekPke5bZnzMHvnrFm/view?usp=sharing",
      "source": "cna@vuldb.com"
    },
+    {
+      "url": "https://github.com/sharathc213/CVE-2023-7173",
+      "source": "cna@vuldb.com"
+    },
    {
      "url": "https://vuldb.com/?ctiid.249357",
      "source": "cna@vuldb.com"
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-01-02T09:00:25.061033+00:00
+2024-01-02T11:00:24.987551+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-01-02T08:15:10.123000+00:00
+2024-01-02T10:15:09.250000+00:00
 ```

 ### Last Data Feed Release
@ -29,24 +29,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-234680
+234684
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `5`
+Recently added CVEs: `4`

-* [CVE-2023-47216](CVE-2023/CVE-2023-472xx/CVE-2023-47216.json) (`2024-01-02T08:15:09.077`)
-* [CVE-2023-47857](CVE-2023/CVE-2023-478xx/CVE-2023-47857.json) (`2024-01-02T08:15:09.480`)
-* [CVE-2023-48360](CVE-2023/CVE-2023-483xx/CVE-2023-48360.json) (`2024-01-02T08:15:09.707`)
-* [CVE-2023-49135](CVE-2023/CVE-2023-491xx/CVE-2023-49135.json) (`2024-01-02T08:15:09.927`)
-* [CVE-2023-49142](CVE-2023/CVE-2023-491xx/CVE-2023-49142.json) (`2024-01-02T08:15:10.123`)
+* [CVE-2023-47858](CVE-2023/CVE-2023-478xx/CVE-2023-47858.json) (`2024-01-02T10:15:08.117`)
+* [CVE-2023-48732](CVE-2023/CVE-2023-487xx/CVE-2023-48732.json) (`2024-01-02T10:15:08.487`)
+* [CVE-2023-50333](CVE-2023/CVE-2023-503xx/CVE-2023-50333.json) (`2024-01-02T10:15:08.723`)
+* [CVE-2023-6693](CVE-2023/CVE-2023-66xx/CVE-2023-6693.json) (`2024-01-02T10:15:08.930`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `0`
+Recently modified CVEs: `4`

+* [CVE-2023-6051](CVE-2023/CVE-2023-60xx/CVE-2023-6051.json) (`2024-01-02T09:15:07.310`)
+* [CVE-2023-6277](CVE-2023/CVE-2023-62xx/CVE-2023-6277.json) (`2024-01-02T09:15:07.500`)
+* [CVE-2023-7172](CVE-2023/CVE-2023-71xx/CVE-2023-7172.json) (`2024-01-02T10:15:09.137`)
+* [CVE-2023-7173](CVE-2023/CVE-2023-71xx/CVE-2023-7173.json) (`2024-01-02T10:15:09.250`)


 ## Download and Usage