Auto-Update: 2024-01-12T13:00:24.501404+00:00

2025-05-07 19:16:29 +00:00 · 2024-01-12 13:00:28 +00:00 · 2024-01-12 13:00:28 +00:00 · 5c56cb0259
commit 5c56cb0259
parent 73324ca51e
6 changed files with 146 additions and 19 deletions
--- a/CVE-2022/CVE-2022-461xx/CVE-2022-46146.json
+++ b/CVE-2022/CVE-2022-461xx/CVE-2022-46146.json
@ -2,7 +2,7 @@
  "id": "CVE-2022-46146",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2022-11-29T14:15:13.283",
-  "lastModified": "2023-11-07T03:55:01.473",
+  "lastModified": "2024-01-12T12:15:45.110",
  "vulnStatus": "Modified",
  "descriptions": [
    {
@ -37,7 +37,7 @@
        "impactScore": 5.9
      },
      {
-        "source": "a0819718-46f1-4df5-94e2-005712e83aaa",
+        "source": "security-advisories@github.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
@ -60,7 +60,7 @@
  },
  "weaknesses": [
    {
-      "source": "a0819718-46f1-4df5-94e2-005712e83aaa",
+      "source": "security-advisories@github.com",
      "type": "Primary",
      "description": [
        {
@ -155,6 +155,10 @@
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ULVDTAI76VATRAHTKCE2SUJ4NC3PQZ6Y/",
      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://security.gentoo.org/glsa/202401-15",
+      "source": "security-advisories@github.com"
    }
  ]
 }
--- a/CVE-2023/CVE-2023-15xx/CVE-2023-1561.json
+++ b/CVE-2023/CVE-2023-15xx/CVE-2023-1561.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-1561",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2023-03-22T12:15:10.763",
-  "lastModified": "2023-11-07T04:04:05.760",
+  "lastModified": "2024-01-12T12:36:21.193",
  "vulnStatus": "Modified",
  "descriptions": [
    {
@ -33,7 +33,7 @@
        "impactScore": 5.9
      },
      {
-        "source": "1af790b2-7ee1-4545-860a-a788eba489b5",
+        "source": "cna@vuldb.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
@ -55,7 +55,7 @@
    ],
    "cvssMetricV2": [
      {
-        "source": "1af790b2-7ee1-4545-860a-a788eba489b5",
+        "source": "cna@vuldb.com",
        "type": "Secondary",
        "cvssData": {
          "version": "2.0",
@ -81,7 +81,7 @@
  },
  "weaknesses": [
    {
-      "source": "1af790b2-7ee1-4545-860a-a788eba489b5",
+      "source": "cna@vuldb.com",
      "type": "Primary",
      "description": [
        {
@ -100,8 +100,8 @@
          "cpeMatch": [
            {
              "vulnerable": true,
-              "criteria": "cpe:2.3:a:simple_online_hotel_reservation_system_project:simple_online_hotel_reservation_system:1.0:*:*:*:*:*:*:*",
-              "matchCriteriaId": "79AC003E-5EAF-4542-96E0-FF329974D324"
+              "criteria": "cpe:2.3:a:fabianros:simple_online_hotel_reservation_system:1.0:*:*:*:*:*:*:*",
+              "matchCriteriaId": "61BF42C7-3A62-4829-9CFE-E7522E8E62CC"
            }
          ]
        }
--- a/CVE-2023/CVE-2023-495xx/CVE-2023-49568.json
+++ b/CVE-2023/CVE-2023-495xx/CVE-2023-49568.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-49568",
+  "sourceIdentifier": "cve-requests@bitdefender.com",
+  "published": "2024-01-12T11:15:12.680",
+  "lastModified": "2024-01-12T11:15:12.680",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git\u00a0clients.\n\nApplications using only the in-memory filesystem supported by go-git\u00a0are not affected by this vulnerability.\nThis is a go-git\u00a0implementation issue and does not affect the upstream git\u00a0cli.\n\n\n"
+    },
+    {
+      "lang": "es",
+      "value": "Se descubri\u00f3 una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en versiones de go-git anteriores a la v5.11. Esta vulnerabilidad permite a un atacante realizar ataques de denegaci\u00f3n de servicio proporcionando respuestas especialmente manipuladas desde un servidor Git que provoca el agotamiento de los recursos en los clientes go-git. Las aplicaciones que utilizan \u00fanicamente el sistema de archivos en memoria compatible con go-git no se ven afectadas por esta vulnerabilidad. Este es un problema de implementaci\u00f3n de go-git y no afecta el cli de git ascendente."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve-requests@bitdefender.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve-requests@bitdefender.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-20"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r",
+      "source": "cve-requests@bitdefender.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-495xx/CVE-2023-49569.json
+++ b/CVE-2023/CVE-2023-495xx/CVE-2023-49569.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-49569",
+  "sourceIdentifier": "cve-requests@bitdefender.com",
+  "published": "2024-01-12T11:15:13.250",
+  "lastModified": "2024-01-12T11:15:13.250",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved.\n\nApplications are only affected if they are using the  ChrootOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS , which is the default when using \"Plain\" versions of Open and Clone funcs (e.g. PlainClone). Applications using  BoundOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS \u00a0or in-memory filesystems are not affected by this issue.\nThis is a go-git\u00a0implementation issue and does not affect the upstream git\u00a0cli.\n\n\n"
+    },
+    {
+      "lang": "es",
+      "value": "Se descubri\u00f3 una vulnerabilidad de path traversal en versiones de go-git anteriores a la v5.11. Esta vulnerabilidad permite a un atacante crear y modificar archivos en todo el sistema de archivos. En el peor de los casos, se podr\u00eda lograr la ejecuci\u00f3n remota de c\u00f3digo. Las aplicaciones solo se ven afectadas si usan ChrootOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS, que es el valor predeterminado cuando se usan versiones \"simples\" de Open y funciones de clonaci\u00f3n (por ejemplo, PlainClone). Las aplicaciones que utilizan BoundOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS o sistemas de archivos en memoria no se ven afectados por este problema. Este es un problema de implementaci\u00f3n de go-git y no afecta el cli de git ascendente."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve-requests@bitdefender.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve-requests@bitdefender.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-22"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/go-git/go-git/security/advisories/GHSA-449p-3h89-pw88",
+      "source": "cve-requests@bitdefender.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-04xx/CVE-2024-0416.json
+++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0416.json
@ -2,12 +2,16 @@
  "id": "CVE-2024-0416",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2024-01-11T18:15:44.460",
-  "lastModified": "2024-01-11T18:15:44.460",
+  "lastModified": "2024-01-12T11:15:13.480",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability, which was classified as critical, has been found in DeShang DSMall up to 5.0.3. Affected by this issue is some unknown functionality of the file application/home/controller/MemberAuth.php. The manipulation of the argument file_name leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250436."
+    },
+    {
+      "lang": "es",
+      "value": "Una vulnerabilidad fue encontrada en DeShang DSMall hasta 5.0.3 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo application/home/controller/MemberAuth.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento file_name conduce a path traversal: '../filedir'. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-250436."
    }
  ],
  "metrics": {
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-01-12T11:00:24.440890+00:00
+2024-01-12T13:00:24.501404+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-01-12T09:15:44.133000+00:00
+2024-01-12T12:36:21.193000+00:00
 ```

 ### Last Data Feed Release
@ -29,23 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-235738
+235740
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `4`
+Recently added CVEs: `2`

-* [CVE-2023-30014](CVE-2023/CVE-2023-300xx/CVE-2023-30014.json) (`2024-01-12T09:15:43.927`)
-* [CVE-2023-30015](CVE-2023/CVE-2023-300xx/CVE-2023-30015.json) (`2024-01-12T09:15:44.040`)
-* [CVE-2023-30016](CVE-2023/CVE-2023-300xx/CVE-2023-30016.json) (`2024-01-12T09:15:44.083`)
-* [CVE-2023-48909](CVE-2023/CVE-2023-489xx/CVE-2023-48909.json) (`2024-01-12T09:15:44.133`)
+* [CVE-2023-49568](CVE-2023/CVE-2023-495xx/CVE-2023-49568.json) (`2024-01-12T11:15:12.680`)
+* [CVE-2023-49569](CVE-2023/CVE-2023-495xx/CVE-2023-49569.json) (`2024-01-12T11:15:13.250`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `0`
+Recently modified CVEs: `3`

+* [CVE-2022-46146](CVE-2022/CVE-2022-461xx/CVE-2022-46146.json) (`2024-01-12T12:15:45.110`)
+* [CVE-2023-1561](CVE-2023/CVE-2023-15xx/CVE-2023-1561.json) (`2024-01-12T12:36:21.193`)
+* [CVE-2024-0416](CVE-2024/CVE-2024-04xx/CVE-2024-0416.json) (`2024-01-12T11:15:13.480`)


 ## Download and Usage