From 5669e67440b70ef8073993f38fa7d93fcc56319d Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Mon, 4 Sep 2023 20:00:28 +0000 Subject: [PATCH] Auto-Update: 2023-09-04T20:00:24.904712+00:00 --- CVE-2022/CVE-2022-235xx/CVE-2022-23513.json | 10 ++-- CVE-2023/CVE-2023-325xx/CVE-2023-32560.json | 8 ++- CVE-2023/CVE-2023-400xx/CVE-2023-40015.json | 55 +++++++++++++++++++ CVE-2023/CVE-2023-410xx/CVE-2023-41052.json | 59 +++++++++++++++++++++ CVE-2023/CVE-2023-410xx/CVE-2023-41054.json | 59 +++++++++++++++++++++ CVE-2023/CVE-2023-410xx/CVE-2023-41055.json | 59 +++++++++++++++++++++ CVE-2023/CVE-2023-410xx/CVE-2023-41057.json | 59 +++++++++++++++++++++ README.md | 19 ++++--- 8 files changed, 316 insertions(+), 12 deletions(-) create mode 100644 CVE-2023/CVE-2023-400xx/CVE-2023-40015.json create mode 100644 CVE-2023/CVE-2023-410xx/CVE-2023-41052.json create mode 100644 CVE-2023/CVE-2023-410xx/CVE-2023-41054.json create mode 100644 CVE-2023/CVE-2023-410xx/CVE-2023-41055.json create mode 100644 CVE-2023/CVE-2023-410xx/CVE-2023-41057.json diff --git a/CVE-2022/CVE-2022-235xx/CVE-2022-23513.json b/CVE-2022/CVE-2022-235xx/CVE-2022-23513.json index 98d16aac810..51d87dc3370 100644 --- a/CVE-2022/CVE-2022-235xx/CVE-2022-23513.json +++ b/CVE-2022/CVE-2022-235xx/CVE-2022-23513.json @@ -2,12 +2,12 @@ "id": "CVE-2022-23513", "sourceIdentifier": "security-advisories@github.com", "published": "2022-12-23T00:15:08.747", - "lastModified": "2022-12-30T21:50:38.200", - "vulnStatus": "Analyzed", + "lastModified": "2023-09-04T19:15:42.337", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on `queryads` endpoint. In the case of application, this vulnerability exists because of a lack of validation in code on a root server path: `/admin/scripts/pi-hole/phpqueryads.php.` Potential threat actor(s) are able to perform an unauthorized query search in blocked domain lists. This could lead to the disclosure for any victims' personal blacklists." + "value": "Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on `queryads` endpoint. In the case of application, this vulnerability exists because of a lack of validation in code on a root server path:\n`/admin/scripts/pi-hole/phpqueryads.php.` Potential threat actor(s) are able to perform an unauthorized query search in blocked domain lists. This could lead to the disclosure for any victims' personal blacklists. \n" } ], "metrics": { @@ -85,6 +85,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/174460/AdminLTE-PiHole-Broken-Access-Control.html", + "source": "security-advisories@github.com" + }, { "url": "https://github.com/pi-hole/AdminLTE/releases/tag/v5.18", "source": "security-advisories@github.com", diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32560.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32560.json index 1a1f7f89fb2..45ae0a9d9a5 100644 --- a/CVE-2023/CVE-2023-325xx/CVE-2023-32560.json +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32560.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32560", "sourceIdentifier": "support@hackerone.com", "published": "2023-08-10T20:15:10.200", - "lastModified": "2023-08-16T13:04:36.617", - "vulnStatus": "Analyzed", + "lastModified": "2023-09-04T19:15:43.413", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -87,6 +87,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/174459/Ivanti-Avalance-Remote-Code-Execution.html", + "source": "support@hackerone.com" + }, { "url": "https://forums.ivanti.com/s/article/Avalanche-Vulnerabilities-Addressed-in-6-4-1?language=en_US", "source": "support@hackerone.com", diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40015.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40015.json new file mode 100644 index 00000000000..7954894757e --- /dev/null +++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40015.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-40015", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-09-04T18:15:07.880", + "lastModified": "2023-09-04T18:15:07.880", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vyper is a Pythonic Smart Contract Language. For the following (probably non-exhaustive) list of expressions, the compiler evaluates the arguments from right to left instead of left to right. `unsafe_add, unsafe_sub, unsafe_mul, unsafe_div, pow_mod256, |, &, ^ (bitwise operators), bitwise_or (deprecated), bitwise_and (deprecated), bitwise_xor (deprecated), raw_call, <, >, <=, >=, ==, !=, in, not in (when lhs and rhs are enums)`. This behaviour becomes a problem when the evaluation of one of the arguments produces side effects that other arguments depend on. The following expressions can produce side-effect: state modifying external call , state modifying internal call, `raw_call`, `pop()` when used on a Dynamic Array stored in the storage, `create_minimal_proxy_to`, `create_copy_of`, `create_from_blueprint`. This issue has not yet been patched. Users are advised to make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.2, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-670" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-g2xh-c426-v8mf", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41052.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41052.json new file mode 100644 index 00000000000..aeadc2d5bf0 --- /dev/null +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41052.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-41052", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-09-04T18:15:08.657", + "lastModified": "2023-09-04T18:15:08.657", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions `uint256_addmod`, `uint256_mulmod`, `ecadd` and `ecmul` does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side effects that other arguments depend on. A patch is currently being developed on pull request #3583. When using builtins from the list above, users should make sure that the arguments of the expression do not produce side effects or, if one does, that no other argument is dependent on those side effects." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.2, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-670" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/vyperlang/vyper/pull/3583", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-4hg4-9mf5-wxxq", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41054.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41054.json new file mode 100644 index 00000000000..1031d264cd9 --- /dev/null +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41054.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-41054", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-09-04T18:15:08.977", + "lastModified": "2023-09-04T18:15:08.977", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. LibreY is subject to a Server-Side Request Forgery (SSRF) vulnerability in the `image_proxy.php` file of LibreY before commit 8f9b9803f231e2954e5b49987a532d28fe50a627. This vulnerability allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks via the `url` parameter. Remote attackers can use the server as a proxy to send HTTP GET requests and retrieve information in the internal network. Remote attackers can also request the server to download large files or chain requests among multiple instances to reduce the performance of the server or even deny access from legitimate users. This issue has been addressed in https://github.com/Ahwxorg/LibreY/pull/31. LibreY hosters are advised to use the latest commit. There are no known workarounds for this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Ahwxorg/LibreY/pull/31", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/Ahwxorg/LibreY/security/advisories/GHSA-p4f9-h8x8-mpwf", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41055.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41055.json new file mode 100644 index 00000000000..966ebe9de06 --- /dev/null +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41055.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-41055", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-09-04T18:15:09.203", + "lastModified": "2023-09-04T18:15:09.203", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. LibreY is subject to a Server-Side Request Forgery (SSRF) vulnerability in the `engines/google/text.php` and `engines/duckduckgo/text.php` files in versions before commit be59098abd119cda70b15bf3faac596dfd39a744. This vulnerability allows remote attackers to request the server to send HTTP GET requests to arbitrary targets and conduct Denial-of-Service (DoS) attacks via the `wikipedia_language` cookie. Remote attackers can request the server to download large files to reduce the performance of the server or even deny access from legitimate users. This issue has been patched in https://github.com/Ahwxorg/LibreY/pull/9. LibreY hosters are advised to use the latest commit. There are no known workarounds for this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Ahwxorg/LibreY/pull/9", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/Ahwxorg/LibreY/security/advisories/GHSA-xfj6-4vp9-8rgc", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41057.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41057.json new file mode 100644 index 00000000000..9646106eb32 --- /dev/null +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41057.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-41057", + "sourceIdentifier": "security-advisories@github.com", + "published": "2023-09-04T18:15:09.397", + "lastModified": "2023-09-04T18:15:09.397", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "hyper-bump-it is a command line tool for updating the version in project files.`hyper-bump-it` reads a file glob pattern from the configuration file. That is combined with the project root directory to construct a full glob pattern that is used to find files that should be edited. These matched files should be contained within the project root directory, but that is not checked. This could result in changes being written to files outside of the project. The default behaviour of `hyper-bump-it` is to display the planned changes and prompt the user for confirmation before editing any files. However, the configuration file provides a field that can be used cause files to be edited without displaying the prompt. This issue has been fixed in release version 0.5.1. Users are advised to upgrade. Users that are unable to update from vulnerable versions, executing `hyper-bump-it` with the `--interactive` command line argument will ensure that all planned changes are displayed and prompt the user for confirmation before editing any files, even if the configuration file contains `show_confirm_prompt=true`.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/plannigan/hyper-bump-it/pull/307", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/plannigan/hyper-bump-it/security/advisories/GHSA-xc27-f9q3-4448", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index a350f0d106e..96cb69c4a5e 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-04T18:00:24.984246+00:00 +2023-09-04T20:00:24.904712+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-04T16:15:08.143000+00:00 +2023-09-04T19:15:43.413000+00:00 ``` ### Last Data Feed Release @@ -29,21 +29,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -224124 +224129 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `5` -* [CVE-2023-28072](CVE-2023/CVE-2023-280xx/CVE-2023-28072.json) (`2023-09-04T16:15:07.767`) -* [CVE-2023-4758](CVE-2023/CVE-2023-47xx/CVE-2023-4758.json) (`2023-09-04T16:15:08.143`) +* [CVE-2023-40015](CVE-2023/CVE-2023-400xx/CVE-2023-40015.json) (`2023-09-04T18:15:07.880`) +* [CVE-2023-41052](CVE-2023/CVE-2023-410xx/CVE-2023-41052.json) (`2023-09-04T18:15:08.657`) +* [CVE-2023-41054](CVE-2023/CVE-2023-410xx/CVE-2023-41054.json) (`2023-09-04T18:15:08.977`) +* [CVE-2023-41055](CVE-2023/CVE-2023-410xx/CVE-2023-41055.json) (`2023-09-04T18:15:09.203`) +* [CVE-2023-41057](CVE-2023/CVE-2023-410xx/CVE-2023-41057.json) (`2023-09-04T18:15:09.397`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `2` +* [CVE-2022-23513](CVE-2022/CVE-2022-235xx/CVE-2022-23513.json) (`2023-09-04T19:15:42.337`) +* [CVE-2023-32560](CVE-2023/CVE-2023-325xx/CVE-2023-32560.json) (`2023-09-04T19:15:43.413`) ## Download and Usage