From 3c2671bb907b5ad264eb64508069ff71d0399d29 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sat, 30 Sep 2023 18:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-09-30T18:00:24.476237+00:00 --- CVE-2021/CVE-2021-403xx/CVE-2021-40393.json | 14 ++-- CVE-2021/CVE-2021-403xx/CVE-2021-40394.json | 8 +- CVE-2022/CVE-2022-49xx/CVE-2022-4956.json | 92 +++++++++++++++++++++ CVE-2023/CVE-2023-45xx/CVE-2023-4508.json | 8 +- README.md | 23 ++---- 5 files changed, 122 insertions(+), 23 deletions(-) create mode 100644 CVE-2022/CVE-2022-49xx/CVE-2022-4956.json diff --git a/CVE-2021/CVE-2021-403xx/CVE-2021-40393.json b/CVE-2021/CVE-2021-403xx/CVE-2021-40393.json index 34b209c65b2..6884b8ebdc0 100644 --- a/CVE-2021/CVE-2021-403xx/CVE-2021-40393.json +++ b/CVE-2021/CVE-2021-403xx/CVE-2021-40393.json @@ -2,7 +2,7 @@ "id": "CVE-2021-40393", "sourceIdentifier": "talos-cna@cisco.com", "published": "2021-12-22T19:15:11.420", - "lastModified": "2023-08-19T03:15:09.293", + "lastModified": "2023-09-30T17:15:39.103", "vulnStatus": "Modified", "descriptions": [ { @@ -87,22 +87,22 @@ }, "weaknesses": [ { - "source": "talos-cna@cisco.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", - "value": "CWE-119" + "value": "CWE-787" } ] }, { - "source": "nvd@nist.gov", + "source": "talos-cna@cisco.com", "type": "Secondary", "description": [ { "lang": "en", - "value": "CWE-787" + "value": "CWE-119" } ] } @@ -150,6 +150,10 @@ } ], "references": [ + { + "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00040.html", + "source": "talos-cna@cisco.com" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/37OSNNO5N5FJZP6ZBYRJMML5HYMJQIX7/", "source": "talos-cna@cisco.com" diff --git a/CVE-2021/CVE-2021-403xx/CVE-2021-40394.json b/CVE-2021/CVE-2021-403xx/CVE-2021-40394.json index 6ef4071bb99..283a198809f 100644 --- a/CVE-2021/CVE-2021-403xx/CVE-2021-40394.json +++ b/CVE-2021/CVE-2021-403xx/CVE-2021-40394.json @@ -2,8 +2,8 @@ "id": "CVE-2021-40394", "sourceIdentifier": "talos-cna@cisco.com", "published": "2021-12-22T19:15:11.460", - "lastModified": "2023-02-24T15:32:27.423", - "vulnStatus": "Analyzed", + "lastModified": "2023-09-30T17:15:39.227", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -140,6 +140,10 @@ } ], "references": [ + { + "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00040.html", + "source": "talos-cna@cisco.com" + }, { "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404", "source": "talos-cna@cisco.com", diff --git a/CVE-2022/CVE-2022-49xx/CVE-2022-4956.json b/CVE-2022/CVE-2022-49xx/CVE-2022-4956.json new file mode 100644 index 00000000000..20c95ef9b9e --- /dev/null +++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4956.json @@ -0,0 +1,92 @@ +{ + "id": "CVE-2022-4956", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-09-30T17:15:39.323", + "lastModified": "2023-09-30T17:15:39.323", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in Caphyon Advanced Installer 19.7. This affects an unknown part of the component WinSxS DLL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 19.7.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-240903." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", + "accessVector": "LOCAL", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE", + "baseScore": 6.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 3.1, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + } + ], + "references": [ + { + "url": "https://heegong.github.io/posts/Advaned-Installer-Local-Privilege-Escalation-Vulnerability/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.240903", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.240903", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.advancedinstaller.com/release-19.7.1.html#bugfixes", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4508.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4508.json index 1d5b7bacf5f..d16a91fd1be 100644 --- a/CVE-2023/CVE-2023-45xx/CVE-2023-4508.json +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4508.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4508", "sourceIdentifier": "security@ubuntu.com", "published": "2023-08-24T23:15:09.380", - "lastModified": "2023-08-29T17:49:22.027", - "vulnStatus": "Analyzed", + "lastModified": "2023-09-30T17:15:39.413", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -118,6 +118,10 @@ "Issue Tracking", "Third Party Advisory" ] + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00040.html", + "source": "security@ubuntu.com" } ] } \ No newline at end of file diff --git a/README.md b/README.md index 772b334224f..f84c72d6eb4 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-30T16:00:24.362462+00:00 +2023-09-30T18:00:24.476237+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-30T15:15:10.337000+00:00 +2023-09-30T17:15:39.413000+00:00 ``` ### Last Data Feed Release @@ -29,28 +29,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -226665 +226666 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `1` -* [CVE-2023-5303](CVE-2023/CVE-2023-53xx/CVE-2023-5303.json) (`2023-09-30T14:15:15.737`) -* [CVE-2023-5321](CVE-2023/CVE-2023-53xx/CVE-2023-5321.json) (`2023-09-30T14:15:15.843`) -* [CVE-2023-5304](CVE-2023/CVE-2023-53xx/CVE-2023-5304.json) (`2023-09-30T15:15:10.180`) -* [CVE-2023-5305](CVE-2023/CVE-2023-53xx/CVE-2023-5305.json) (`2023-09-30T15:15:10.260`) -* [CVE-2023-5313](CVE-2023/CVE-2023-53xx/CVE-2023-5313.json) (`2023-09-30T15:15:10.337`) +* [CVE-2022-4956](CVE-2022/CVE-2022-49xx/CVE-2022-4956.json) (`2023-09-30T17:15:39.323`) ### CVEs modified in the last Commit -Recently modified CVEs: `4` +Recently modified CVEs: `3` -* [CVE-2023-26048](CVE-2023/CVE-2023-260xx/CVE-2023-26048.json) (`2023-09-30T15:15:09.710`) -* [CVE-2023-26049](CVE-2023/CVE-2023-260xx/CVE-2023-26049.json) (`2023-09-30T15:15:09.857`) -* [CVE-2023-36479](CVE-2023/CVE-2023-364xx/CVE-2023-36479.json) (`2023-09-30T15:15:09.973`) -* [CVE-2023-40167](CVE-2023/CVE-2023-401xx/CVE-2023-40167.json) (`2023-09-30T15:15:10.080`) +* [CVE-2021-40393](CVE-2021/CVE-2021-403xx/CVE-2021-40393.json) (`2023-09-30T17:15:39.103`) +* [CVE-2021-40394](CVE-2021/CVE-2021-403xx/CVE-2021-40394.json) (`2023-09-30T17:15:39.227`) +* [CVE-2023-4508](CVE-2023/CVE-2023-45xx/CVE-2023-4508.json) (`2023-09-30T17:15:39.413`) ## Download and Usage