Auto-Update: 2023-09-29T10:00:24.166515+00:00

2025-05-30 10:10:41 +00:00 · 2023-09-29 10:00:27 +00:00 · 2023-09-29 10:00:27 +00:00 · 3ee0f3edc0
commit 3ee0f3edc0
parent 8e53b895c4
5 changed files with 240 additions and 16 deletions
--- a/CVE-2023/CVE-2023-324xx/CVE-2023-32477.json
+++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32477.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-32477",
+  "sourceIdentifier": "security_alert@emc.com",
+  "published": "2023-09-29T08:15:09.437",
+  "lastModified": "2023-09-29T08:15:09.437",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "\nDell Common Event Enabler 8.9.8.2 for Windows and prior, contain an improper access control vulnerability. A local low-privileged malicious user may potentially exploit this vulnerability to gain elevated privileges.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security_alert@emc.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security_alert@emc.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-284"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.dell.com/support/kbdoc/en-us/000218120/dsa-2023-310-security-update-for-dell-emc-common-event-enabler",
+      "source": "security_alert@emc.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-34xx/CVE-2023-3413.json
+++ b/CVE-2023/CVE-2023-34xx/CVE-2023-3413.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-3413",
+  "sourceIdentifier": "cve@gitlab.com",
+  "published": "2023-09-29T09:15:10.180",
+  "lastModified": "2023-09-29T09:15:10.180",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to read the source code of a project through a fork created before changing visibility to only project members."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@gitlab.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve@gitlab.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-200"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416284",
+      "source": "cve@gitlab.com"
+    },
+    {
+      "url": "https://hackerone.com/reports/2027967",
+      "source": "cve@gitlab.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-39xx/CVE-2023-3922.json
+++ b/CVE-2023/CVE-2023-39xx/CVE-2023-3922.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-3922",
+  "sourceIdentifier": "cve@gitlab.com",
+  "published": "2023-09-29T08:15:09.537",
+  "lastModified": "2023-09-29T08:15:09.537",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@gitlab.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "LOW",
+          "baseScore": 3.0,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 1.3,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve@gitlab.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-74"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/394770",
+      "source": "cve@gitlab.com"
+    },
+    {
+      "url": "https://hackerone.com/reports/1887323",
+      "source": "cve@gitlab.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-51xx/CVE-2023-5198.json
+++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5198.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-5198",
+  "sourceIdentifier": "cve@gitlab.com",
+  "published": "2023-09-29T08:15:09.610",
+  "lastModified": "2023-09-29T08:15:09.610",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a removed project member to write to protected branches using deploy keys."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@gitlab.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve@gitlab.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-284"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416957",
+      "source": "cve@gitlab.com"
+    },
+    {
+      "url": "https://hackerone.com/reports/2041789",
+      "source": "cve@gitlab.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-09-29T08:00:26.836881+00:00
+2023-09-29T10:00:24.166515+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-09-29T07:15:14.200000+00:00
+2023-09-29T09:15:10.180000+00:00
 ```

 ### Last Data Feed Release
@ -29,25 +29,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-226575
+226579
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `12`
+Recently added CVEs: `4`

-* [CVE-2023-30591](CVE-2023/CVE-2023-305xx/CVE-2023-30591.json) (`2023-09-29T06:15:09.870`)
-* [CVE-2023-44466](CVE-2023/CVE-2023-444xx/CVE-2023-44466.json) (`2023-09-29T06:15:11.007`)
-* [CVE-2023-0989](CVE-2023/CVE-2023-09xx/CVE-2023-0989.json) (`2023-09-29T07:15:12.520`)
-* [CVE-2023-2233](CVE-2023/CVE-2023-22xx/CVE-2023-2233.json) (`2023-09-29T07:15:12.927`)
-* [CVE-2023-3115](CVE-2023/CVE-2023-31xx/CVE-2023-3115.json) (`2023-09-29T07:15:13.100`)
-* [CVE-2023-3906](CVE-2023/CVE-2023-39xx/CVE-2023-3906.json) (`2023-09-29T07:15:13.233`)
-* [CVE-2023-3914](CVE-2023/CVE-2023-39xx/CVE-2023-3914.json) (`2023-09-29T07:15:13.380`)
-* [CVE-2023-3917](CVE-2023/CVE-2023-39xx/CVE-2023-3917.json) (`2023-09-29T07:15:13.557`)
-* [CVE-2023-3920](CVE-2023/CVE-2023-39xx/CVE-2023-3920.json) (`2023-09-29T07:15:13.777`)
-* [CVE-2023-3979](CVE-2023/CVE-2023-39xx/CVE-2023-3979.json) (`2023-09-29T07:15:13.910`)
-* [CVE-2023-44469](CVE-2023/CVE-2023-444xx/CVE-2023-44469.json) (`2023-09-29T07:15:14.073`)
-* [CVE-2023-4532](CVE-2023/CVE-2023-45xx/CVE-2023-4532.json) (`2023-09-29T07:15:14.200`)
+* [CVE-2023-32477](CVE-2023/CVE-2023-324xx/CVE-2023-32477.json) (`2023-09-29T08:15:09.437`)
+* [CVE-2023-3922](CVE-2023/CVE-2023-39xx/CVE-2023-3922.json) (`2023-09-29T08:15:09.537`)
+* [CVE-2023-5198](CVE-2023/CVE-2023-51xx/CVE-2023-5198.json) (`2023-09-29T08:15:09.610`)
+* [CVE-2023-3413](CVE-2023/CVE-2023-34xx/CVE-2023-3413.json) (`2023-09-29T09:15:10.180`)


 ### CVEs modified in the last Commit