Auto-Update: 2023-10-06T08:00:25.456857+00:00

2025-05-08 03:27:17 +00:00 · 2023-10-06 08:00:29 +00:00 · 2023-10-06 08:00:29 +00:00 · 4eedda2c67
commit 4eedda2c67
parent 3e7658d5c2
8 changed files with 192 additions and 15 deletions
--- a/CVE-2019/CVE-2019-197xx/CVE-2019-19726.json
+++ b/CVE-2019/CVE-2019-197xx/CVE-2019-19726.json
@ -2,7 +2,7 @@
  "id": "CVE-2019-19726",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2019-12-12T01:15:10.823",
-  "lastModified": "2023-10-03T21:15:09.797",
+  "lastModified": "2023-10-06T06:15:09.430",
  "vulnStatus": "Modified",
  "descriptions": [
    {
@ -120,6 +120,10 @@
        "Third Party Advisory"
      ]
    },
+    {
+      "url": "http://seclists.org/fulldisclosure/2023/Oct/11",
+      "source": "cve@mitre.org"
+    },
    {
      "url": "http://www.openwall.com/lists/oss-security/2023/10/03/2",
      "source": "cve@mitre.org"
--- a/CVE-2020/CVE-2020-62xx/CVE-2020-6215.json
+++ b/CVE-2020/CVE-2020-62xx/CVE-2020-6215.json
@ -2,8 +2,8 @@
  "id": "CVE-2020-6215",
  "sourceIdentifier": "cna@sap.com",
  "published": "2020-04-14T20:15:15.293",
-  "lastModified": "2020-04-15T17:21:26.257",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2023-10-06T06:15:10.467",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
@ -165,6 +165,10 @@
    }
  ],
  "references": [
+    {
+      "url": "http://seclists.org/fulldisclosure/2023/Oct/13",
+      "source": "cna@sap.com"
+    },
    {
      "url": "https://launchpad.support.sap.com/#/notes/2872782",
      "source": "cna@sap.com",
--- a/CVE-2023/CVE-2023-405xx/CVE-2023-40556.json
+++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40556.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-40556",
+  "sourceIdentifier": "audit@patchstack.com",
+  "published": "2023-10-06T06:15:11.157",
+  "lastModified": "2023-10-06T06:15:11.157",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Cross-Site Request Forgery (CSRF) vulnerability in Greg Ross Schedule Posts Calendar plugin <=\u00a05.2 versions."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "audit@patchstack.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "audit@patchstack.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchstack.com/database/vulnerability/schedule-posts-calendar/wordpress-schedule-posts-calendar-plugin-5-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+      "source": "audit@patchstack.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-428xx/CVE-2023-42824.json
+++ b/CVE-2023/CVE-2023-428xx/CVE-2023-42824.json
@ -2,16 +2,28 @@
  "id": "CVE-2023-42824",
  "sourceIdentifier": "product-security@apple.com",
  "published": "2023-10-04T19:15:10.490",
-  "lastModified": "2023-10-04T19:53:11.513",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2023-10-06T06:15:11.740",
+  "vulnStatus": "Undergoing Analysis",
+  "cisaExploitAdd": "2023-10-05",
+  "cisaActionDue": "2023-10-26",
+  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
+  "cisaVulnerabilityName": "Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability",
  "descriptions": [
    {
      "lang": "en",
      "value": "The issue was addressed with improved checks. This issue is fixed in iOS 17.0.3 and iPadOS 17.0.3. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6."
+    },
+    {
+      "lang": "es",
+      "value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en iOS 17.0.3 y iPadOS 17.0.3. Un atacante local podr\u00eda aumentar sus privilegios. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente en versiones de iOS anteriores a iOS 16.6."
    }
  ],
  "metrics": {},
  "references": [
+    {
+      "url": "http://seclists.org/fulldisclosure/2023/Oct/12",
+      "source": "product-security@apple.com"
+    },
    {
      "url": "https://support.apple.com/en-us/HT213961",
      "source": "product-security@apple.com"
--- a/CVE-2023/CVE-2023-49xx/CVE-2023-4911.json
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4911.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-4911",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2023-10-03T18:15:10.463",
-  "lastModified": "2023-10-05T22:15:13.073",
-  "vulnStatus": "Modified",
+  "lastModified": "2023-10-06T06:15:12.157",
+  "vulnStatus": "Undergoing Analysis",
  "descriptions": [
    {
      "lang": "en",
@ -138,6 +138,10 @@
    }
  ],
  "references": [
+    {
+      "url": "http://seclists.org/fulldisclosure/2023/Oct/11",
+      "source": "secalert@redhat.com"
+    },
    {
      "url": "http://www.openwall.com/lists/oss-security/2023/10/03/2",
      "source": "secalert@redhat.com",
--- a/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json
+++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-5217",
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "published": "2023-09-28T16:15:10.980",
-  "lastModified": "2023-10-05T23:15:09.733",
-  "vulnStatus": "Modified",
+  "lastModified": "2023-10-06T06:15:12.867",
+  "vulnStatus": "Undergoing Analysis",
  "cisaExploitAdd": "2023-10-02",
  "cisaActionDue": "2023-10-23",
  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
@ -109,6 +109,10 @@
    }
  ],
  "references": [
+    {
+      "url": "http://seclists.org/fulldisclosure/2023/Oct/12",
+      "source": "chrome-cve-admin@google.com"
+    },
    {
      "url": "http://www.openwall.com/lists/oss-security/2023/09/28/5",
      "source": "chrome-cve-admin@google.com",
--- a/CVE-2023/CVE-2023-53xx/CVE-2023-5312.json
+++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5312.json
@ -0,0 +1,88 @@
+{
+  "id": "CVE-2023-5312",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2023-10-06T06:15:13.257",
+  "lastModified": "2023-10-06T06:15:13.257",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability classified as critical has been found in DedeCMS 5.7.111. Affected is an unknown function of the file baidunews.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240948."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL",
+          "baseScore": 6.5
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-434"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/zzq66/cve/blob/main/rce_poc.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.240948",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.240948",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2023-10-06T06:00:26.330359+00:00
+2023-10-06T08:00:25.456857+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2023-10-06T05:15:52.803000+00:00
+2023-10-06T06:15:13.257000+00:00
 ```

 ### Last Data Feed Release
@ -29,20 +29,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-227085
+227087
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `2`

-* [CVE-2023-26153](CVE-2023/CVE-2023-261xx/CVE-2023-26153.json) (`2023-10-06T05:15:52.803`)
+* [CVE-2023-40556](CVE-2023/CVE-2023-405xx/CVE-2023-40556.json) (`2023-10-06T06:15:11.157`)
+* [CVE-2023-5312](CVE-2023/CVE-2023-53xx/CVE-2023-5312.json) (`2023-10-06T06:15:13.257`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `0`
+Recently modified CVEs: `5`

+* [CVE-2019-19726](CVE-2019/CVE-2019-197xx/CVE-2019-19726.json) (`2023-10-06T06:15:09.430`)
+* [CVE-2020-6215](CVE-2020/CVE-2020-62xx/CVE-2020-6215.json) (`2023-10-06T06:15:10.467`)
+* [CVE-2023-42824](CVE-2023/CVE-2023-428xx/CVE-2023-42824.json) (`2023-10-06T06:15:11.740`)
+* [CVE-2023-4911](CVE-2023/CVE-2023-49xx/CVE-2023-4911.json) (`2023-10-06T06:15:12.157`)
+* [CVE-2023-5217](CVE-2023/CVE-2023-52xx/CVE-2023-5217.json) (`2023-10-06T06:15:12.867`)


 ## Download and Usage