Auto-Update: 2023-06-19T20:00:28.998300+00:00

CVE-2023/CVE-2023-29xx/CVE-2023-2986.json

@@ -2,7 +2,7 @@
   "id": "CVE-2023-2986",
   "sourceIdentifier": "security@wordfence.com",
   "published": "2023-06-08T02:15:09.217",
-  "lastModified": "2023-06-16T19:15:14.577",
+  "lastModified": "2023-06-19T18:15:09.577",
   "vulnStatus": "Modified",
   "descriptions": [
     {
@@ -89,6 +89,10 @@
       "url": "http://packetstormsecurity.com/files/172966/WordPress-Abandoned-Cart-Lite-For-WooCommerce-5.14.2-Authentication-Bypass.html",
       "source": "security@wordfence.com"
     },
+    {
+      "url": "http://packetstormsecurity.com/files/173018/WordPress-Abandoned-Cart-Lite-For-WooCommerce-5.14.2-Authentication-Bypass.html",
+      "source": "security@wordfence.com"
+    },
     {
       "url": "https://plugins.trac.wordpress.org/browser/woocommerce-abandoned-cart/trunk/woocommerce-ac.php#L1815",
       "source": "security@wordfence.com",

CVE-2023/CVE-2023-30xx/CVE-2023-3022.json

@@ -0,0 +1,36 @@
+{
+  "id": "CVE-2023-3022",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2023-06-19T18:15:09.870",
+  "lastModified": "2023-06-19T18:15:09.870",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A flaw was found in the IPv6 module of the Linux kernel. The arg.result was not used consistently in fib6_rule_lookup, sometimes holding rt6_info and other times fib6_info. This was not accounted for in other parts of the code where rt6_info was expected unconditionally, potentially leading to a kernel panic in fib6_rule_suppress."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "secalert@redhat.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-843"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211440",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://github.com/torvalds/linux/commit/a65120bae4b7",
+      "source": "secalert@redhat.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-33xx/CVE-2023-3312.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-3312",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2023-06-19T18:15:09.920",
+  "lastModified": "2023-06-19T18:15:09.920",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. This flaw, during device unbind will lead to double release problem leading to denial of service."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "secalert@redhat.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-415"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://patchwork.kernel.org/project/linux-pm/patch/20230323174026.950622-1-krzysztof.kozlowski@linaro.org/",
+      "source": "secalert@redhat.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-340xx/CVE-2023-34096.json

@@ -2,7 +2,7 @@
   "id": "CVE-2023-34096",
   "sourceIdentifier": "security-advisories@github.com",
   "published": "2023-06-08T19:15:09.773",
-  "lastModified": "2023-06-19T01:15:08.563",
+  "lastModified": "2023-06-19T18:15:09.677",
   "vulnStatus": "Modified",
   "descriptions": [
     {
@@ -98,6 +98,10 @@
       "url": "https://galogetlatorre.blogspot.com/2023/06/cve-2023-34096-path-traversal-thruk.html",
       "source": "security-advisories@github.com"
     },
+    {
+      "url": "https://github.com/galoget/Thruk-CVE-2023-34096",
+      "source": "security-advisories@github.com"
+    },
     {
       "url": "https://github.com/sni/Thruk/blob/1bc5a5804bf9fc22e82a4eadb21a1795954f0867/plugins/plugins-available/panorama/lib/Thruk/Controller/panorama.pm#L690",
       "source": "security-advisories@github.com",
@@ -147,6 +151,10 @@
         "Exploit",
         "Vendor Advisory"
       ]
+    },
+    {
+      "url": "https://www.exploit-db.com/exploits/51509",
+      "source": "security-advisories@github.com"
     }
   ]
 }

CVE-2023/CVE-2023-344xx/CVE-2023-34461.json

@@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-34461",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2023-06-19T18:15:09.763",
+  "lastModified": "2023-06-19T18:15:09.763",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "PyBB is an open source bulletin board. A manual code review of the PyBB bulletin board server has revealed that a vulnerability could have been exploited in which users could submit any type of HTML tag, and have said tag run. For example, a malicious `<a>` that looks like ```<a href=javascript:alert (1)>xss</a>``` could have been used to run code through JavaScript on the client side. The problem has been patched as of commit `5defd92`, and users are advised to upgrade. Attackers do need posting privilege in order to exploit this vulnerability. This vulnerability is present within the 0.1.0 release, and users are advised to upgrade to 0.1.1. Users unable to upgrade may be able to work around the attack by either; Removing the ability to create posts, removing the `|safe` tag from the Jinja2 template titled \"post.html\" in templates or by adding manual validation of links in the post creation section."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-advisories@github.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.6,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-advisories@github.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/benjjvi/PyBB/commit/5defd922ab05a193a783392d447c6538628cf854",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/benjjvi/PyBB/security/advisories/GHSA-mv96-w49p-438p",
+      "source": "security-advisories@github.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-358xx/CVE-2023-35843.json

@@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-35843",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2023-06-19T18:15:09.830",
+  "lastModified": "2023-06-19T18:15:09.830",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://advisory.dw1.io/60",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/nocodb/nocodb/blob/6decfa2b20c28db9946bddce0bcb1442b683ecae/packages/nocodb/src/lib/controllers/attachment.ctl.ts#L62-L74",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/nocodb/nocodb/blob/f7ee7e3beb91d313a159895d1edc1aba9d91b0bc/packages/nocodb/src/controllers/attachments.controller.ts#L55-L66",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-06-19T18:00:29.563266+00:00
+2023-06-19T20:00:28.998300+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-06-19T17:15:12.367000+00:00
+2023-06-19T18:15:09.920000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,48 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-218100
+218104
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `27`
+Recently added CVEs: `4`
 
-* [CVE-2022-48487](CVE-2022/CVE-2022-484xx/CVE-2022-48487.json) (`2023-06-19T17:15:11.383`)
-* [CVE-2022-48488](CVE-2022/CVE-2022-484xx/CVE-2022-48488.json) (`2023-06-19T17:15:11.427`)
-* [CVE-2022-48489](CVE-2022/CVE-2022-484xx/CVE-2022-48489.json) (`2023-06-19T17:15:11.467`)
-* [CVE-2022-48490](CVE-2022/CVE-2022-484xx/CVE-2022-48490.json) (`2023-06-19T17:15:11.507`)
-* [CVE-2022-48491](CVE-2022/CVE-2022-484xx/CVE-2022-48491.json) (`2023-06-19T17:15:11.547`)
-* [CVE-2022-48492](CVE-2022/CVE-2022-484xx/CVE-2022-48492.json) (`2023-06-19T17:15:11.590`)
-* [CVE-2022-48493](CVE-2022/CVE-2022-484xx/CVE-2022-48493.json) (`2023-06-19T17:15:11.633`)
-* [CVE-2022-48494](CVE-2022/CVE-2022-484xx/CVE-2022-48494.json) (`2023-06-19T17:15:11.673`)
-* [CVE-2022-48495](CVE-2022/CVE-2022-484xx/CVE-2022-48495.json) (`2023-06-19T17:15:11.710`)
-* [CVE-2022-48496](CVE-2022/CVE-2022-484xx/CVE-2022-48496.json) (`2023-06-19T17:15:11.753`)
-* [CVE-2022-48497](CVE-2022/CVE-2022-484xx/CVE-2022-48497.json) (`2023-06-19T17:15:11.793`)
-* [CVE-2022-48498](CVE-2022/CVE-2022-484xx/CVE-2022-48498.json) (`2023-06-19T17:15:11.833`)
-* [CVE-2022-48499](CVE-2022/CVE-2022-484xx/CVE-2022-48499.json) (`2023-06-19T17:15:11.880`)
-* [CVE-2022-48500](CVE-2022/CVE-2022-485xx/CVE-2022-48500.json) (`2023-06-19T17:15:11.920`)
-* [CVE-2022-48501](CVE-2022/CVE-2022-485xx/CVE-2022-48501.json) (`2023-06-19T17:15:11.960`)
-* [CVE-2023-34155](CVE-2023/CVE-2023-341xx/CVE-2023-34155.json) (`2023-06-19T17:15:12.007`)
-* [CVE-2023-34156](CVE-2023/CVE-2023-341xx/CVE-2023-34156.json) (`2023-06-19T17:15:12.050`)
-* [CVE-2023-34158](CVE-2023/CVE-2023-341xx/CVE-2023-34158.json) (`2023-06-19T17:15:12.090`)
-* [CVE-2023-34159](CVE-2023/CVE-2023-341xx/CVE-2023-34159.json) (`2023-06-19T17:15:12.130`)
-* [CVE-2023-34160](CVE-2023/CVE-2023-341xx/CVE-2023-34160.json) (`2023-06-19T17:15:12.170`)
-* [CVE-2023-34161](CVE-2023/CVE-2023-341xx/CVE-2023-34161.json) (`2023-06-19T17:15:12.207`)
-* [CVE-2023-34162](CVE-2023/CVE-2023-341xx/CVE-2023-34162.json) (`2023-06-19T17:15:12.247`)
-* [CVE-2023-34163](CVE-2023/CVE-2023-341xx/CVE-2023-34163.json) (`2023-06-19T17:15:12.287`)
-* [CVE-2023-34166](CVE-2023/CVE-2023-341xx/CVE-2023-34166.json) (`2023-06-19T17:15:12.327`)
-* [CVE-2023-34167](CVE-2023/CVE-2023-341xx/CVE-2023-34167.json) (`2023-06-19T17:15:12.367`)
+* [CVE-2023-34461](CVE-2023/CVE-2023-344xx/CVE-2023-34461.json) (`2023-06-19T18:15:09.763`)
+* [CVE-2023-35843](CVE-2023/CVE-2023-358xx/CVE-2023-35843.json) (`2023-06-19T18:15:09.830`)
+* [CVE-2023-3022](CVE-2023/CVE-2023-30xx/CVE-2023-3022.json) (`2023-06-19T18:15:09.870`)
+* [CVE-2023-3312](CVE-2023/CVE-2023-33xx/CVE-2023-3312.json) (`2023-06-19T18:15:09.920`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `4`
+Recently modified CVEs: `2`
 
-* [CVE-2019-2388](CVE-2019/CVE-2019-23xx/CVE-2019-2388.json) (`2023-06-19T16:15:09.267`)
-* [CVE-2019-2389](CVE-2019/CVE-2019-23xx/CVE-2019-2389.json) (`2023-06-19T16:15:09.353`)
-* [CVE-2019-2390](CVE-2019/CVE-2019-23xx/CVE-2019-2390.json) (`2023-06-19T16:15:09.440`)
-* [CVE-2019-2391](CVE-2019/CVE-2019-23xx/CVE-2019-2391.json) (`2023-06-19T16:15:09.510`)
+* [CVE-2023-2986](CVE-2023/CVE-2023-29xx/CVE-2023-2986.json) (`2023-06-19T18:15:09.577`)
+* [CVE-2023-34096](CVE-2023/CVE-2023-340xx/CVE-2023-34096.json) (`2023-06-19T18:15:09.677`)
 
 
 ## Download and Usage