From 5e275c71dcdee3499e17b70d751bfd2b408182a4 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sun, 1 Oct 2023 02:00:29 +0000 Subject: [PATCH] Auto-Update: 2023-10-01T02:00:25.366534+00:00 --- CVE-2023/CVE-2023-439xx/CVE-2023-43907.json | 28 ++++++++++ CVE-2023/CVE-2023-444xx/CVE-2023-44488.json | 6 ++- CVE-2023/CVE-2023-52xx/CVE-2023-5217.json | 6 ++- CVE-2023/CVE-2023-53xx/CVE-2023-5323.json | 59 +++++++++++++++++++++ README.md | 42 ++++----------- 5 files changed, 107 insertions(+), 34 deletions(-) create mode 100644 CVE-2023/CVE-2023-439xx/CVE-2023-43907.json create mode 100644 CVE-2023/CVE-2023-53xx/CVE-2023-5323.json diff --git a/CVE-2023/CVE-2023-439xx/CVE-2023-43907.json b/CVE-2023/CVE-2023-439xx/CVE-2023-43907.json new file mode 100644 index 00000000000..91a112a49f8 --- /dev/null +++ b/CVE-2023/CVE-2023-439xx/CVE-2023-43907.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-43907", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-10-01T01:15:24.947", + "lastModified": "2023-10-01T01:15:24.947", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifread.c." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://optipng.sourceforge.net/", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/optipng-global-buffer-overflow1/optipng-global-buffer-overflow1.md", + "source": "cve@mitre.org" + }, + { + "url": "https://sourceforge.net/projects/optipng/files/OptiPNG/optipng-0.7.7/optipng-0.7.7.tar.gz/download?use_mirror=udomain&download=", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-444xx/CVE-2023-44488.json b/CVE-2023/CVE-2023-444xx/CVE-2023-44488.json index 8ae33214d56..eb79cbe1643 100644 --- a/CVE-2023/CVE-2023-444xx/CVE-2023-44488.json +++ b/CVE-2023/CVE-2023-444xx/CVE-2023-44488.json @@ -2,7 +2,7 @@ "id": "CVE-2023-44488", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-30T20:15:10.200", - "lastModified": "2023-09-30T20:15:10.200", + "lastModified": "2023-10-01T00:15:09.803", "vulnStatus": "Received", "descriptions": [ { @@ -12,6 +12,10 @@ ], "metrics": {}, "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/30/4", + "source": "cve@mitre.org" + }, { "url": "https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json index 8c4f07759f2..5072f353f9e 100644 --- a/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json +++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5217.json @@ -2,7 +2,7 @@ "id": "CVE-2023-5217", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2023-09-28T16:15:10.980", - "lastModified": "2023-09-30T21:15:10.203", + "lastModified": "2023-10-01T00:15:09.863", "vulnStatus": "Modified", "descriptions": [ { @@ -171,6 +171,10 @@ "url": "http://www.openwall.com/lists/oss-security/2023/09/30/3", "source": "chrome-cve-admin@google.com" }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/09/30/4", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://arstechnica.com/security/2023/09/new-0-day-in-chrome-and-firefox-is-likely-to-plague-other-software/", "source": "chrome-cve-admin@google.com" diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5323.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5323.json new file mode 100644 index 00000000000..fb871c67063 --- /dev/null +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5323.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-5323", + "sourceIdentifier": "security@huntr.dev", + "published": "2023-10-01T01:15:24.997", + "lastModified": "2023-10-01T01:15:24.997", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/dolibarr/dolibarr/commit/695ca086847b3b6a185afa93e897972c93c43d15", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.dev/bounties/7a048bb7-bfdd-4299-931e-9bc283e92bc8", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 1a5f396bf8f..7531336d584 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-30T23:55:24.571588+00:00 +2023-10-01T02:00:25.366534+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-30T23:15:40.433000+00:00 +2023-10-01T01:15:24.997000+00:00 ``` ### Last Data Feed Release @@ -23,51 +23,29 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-09-30T00:00:13.543041+00:00 +2023-10-01T00:00:13.540334+00:00 ``` ### Total Number of included CVEs ```plain -226693 +226695 ``` ### CVEs added in the last Commit -Recently added CVEs: `21` +Recently added CVEs: `2` -* [CVE-2023-43717](CVE-2023/CVE-2023-437xx/CVE-2023-43717.json) (`2023-09-30T22:15:10.347`) -* [CVE-2023-43718](CVE-2023/CVE-2023-437xx/CVE-2023-43718.json) (`2023-09-30T22:15:10.410`) -* [CVE-2023-43719](CVE-2023/CVE-2023-437xx/CVE-2023-43719.json) (`2023-09-30T22:15:10.467`) -* [CVE-2023-43720](CVE-2023/CVE-2023-437xx/CVE-2023-43720.json) (`2023-09-30T22:15:10.533`) -* [CVE-2023-43721](CVE-2023/CVE-2023-437xx/CVE-2023-43721.json) (`2023-09-30T22:15:10.597`) -* [CVE-2023-43722](CVE-2023/CVE-2023-437xx/CVE-2023-43722.json) (`2023-09-30T22:15:10.657`) -* [CVE-2023-43723](CVE-2023/CVE-2023-437xx/CVE-2023-43723.json) (`2023-09-30T22:15:10.717`) -* [CVE-2023-43724](CVE-2023/CVE-2023-437xx/CVE-2023-43724.json) (`2023-09-30T22:15:10.777`) -* [CVE-2023-43725](CVE-2023/CVE-2023-437xx/CVE-2023-43725.json) (`2023-09-30T22:15:10.843`) -* [CVE-2023-43726](CVE-2023/CVE-2023-437xx/CVE-2023-43726.json) (`2023-09-30T22:15:10.903`) -* [CVE-2023-43727](CVE-2023/CVE-2023-437xx/CVE-2023-43727.json) (`2023-09-30T22:15:10.967`) -* [CVE-2023-43728](CVE-2023/CVE-2023-437xx/CVE-2023-43728.json) (`2023-09-30T22:15:11.027`) -* [CVE-2023-43729](CVE-2023/CVE-2023-437xx/CVE-2023-43729.json) (`2023-09-30T22:15:11.097`) -* [CVE-2023-43730](CVE-2023/CVE-2023-437xx/CVE-2023-43730.json) (`2023-09-30T22:15:11.163`) -* [CVE-2023-43731](CVE-2023/CVE-2023-437xx/CVE-2023-43731.json) (`2023-09-30T22:15:11.227`) -* [CVE-2023-43732](CVE-2023/CVE-2023-437xx/CVE-2023-43732.json) (`2023-09-30T23:15:40.127`) -* [CVE-2023-43733](CVE-2023/CVE-2023-437xx/CVE-2023-43733.json) (`2023-09-30T23:15:40.203`) -* [CVE-2023-43734](CVE-2023/CVE-2023-437xx/CVE-2023-43734.json) (`2023-09-30T23:15:40.260`) -* [CVE-2023-43735](CVE-2023/CVE-2023-437xx/CVE-2023-43735.json) (`2023-09-30T23:15:40.320`) -* [CVE-2023-5111](CVE-2023/CVE-2023-51xx/CVE-2023-5111.json) (`2023-09-30T23:15:40.377`) -* [CVE-2023-5112](CVE-2023/CVE-2023-51xx/CVE-2023-5112.json) (`2023-09-30T23:15:40.433`) +* [CVE-2023-43907](CVE-2023/CVE-2023-439xx/CVE-2023-43907.json) (`2023-10-01T01:15:24.947`) +* [CVE-2023-5323](CVE-2023/CVE-2023-53xx/CVE-2023-5323.json) (`2023-10-01T01:15:24.997`) ### CVEs modified in the last Commit -Recently modified CVEs: `5` +Recently modified CVEs: `2` -* [CVE-2022-27635](CVE-2022/CVE-2022-276xx/CVE-2022-27635.json) (`2023-09-30T22:15:09.903`) -* [CVE-2022-36351](CVE-2022/CVE-2022-363xx/CVE-2022-36351.json) (`2023-09-30T22:15:10.010`) -* [CVE-2022-38076](CVE-2022/CVE-2022-380xx/CVE-2022-38076.json) (`2023-09-30T22:15:10.090`) -* [CVE-2022-40964](CVE-2022/CVE-2022-409xx/CVE-2022-40964.json) (`2023-09-30T22:15:10.177`) -* [CVE-2022-46329](CVE-2022/CVE-2022-463xx/CVE-2022-46329.json) (`2023-09-30T22:15:10.257`) +* [CVE-2023-44488](CVE-2023/CVE-2023-444xx/CVE-2023-44488.json) (`2023-10-01T00:15:09.803`) +* [CVE-2023-5217](CVE-2023/CVE-2023-52xx/CVE-2023-5217.json) (`2023-10-01T00:15:09.863`) ## Download and Usage